Skip to content

v5.8.5 - Per User MFA

Compare
Choose a tag to compare
@KelvinTegelaar KelvinTegelaar released this 14 Jun 14:11
· 479 commits to main since this release
4269a2c

So last weeks release was already a little spoiler to this one. We knew we had to wait on Microsoft so we made you all expect the unexpected.

Microsoft and our team has been working closely on this for the past 6 months, having hard discussions with Microsoft on needs and creating an API isn't always the easiest, but thanks to @microsoft and specifically Luc van der Ende at Microsoft it is now possible to use CIPP to control per user MFA. This is an amazing feature and worthy of an in between release.

Per user MFA Explained

Per user MFA is a legacy method of MFA that many tenants still use, it has no license requirements and is free to use for anyone. It used to be managed via the Microsoft MSOL module which is now gone. Thanks to our hard work this has been converted to a Graph API by Microsoft.

Per User MFA is on a deprecation path, but currently is still the only way for you to use MFA for each logon when you do not have Conditional Access Available. CIPP introduces management of per user MFA in multiple ways:

Reports

The CIPP MFA report has been updated to include per user MFA, Now you know that as long as one of the checkboxes are green, your users are protected by some form of MFA
image

User Settings

It's pretty useless to report on something, and then not set it right? We've added the set per user MFA option to the users flyout. Select a user, set their MFA.
image

Of course that's also available as a bulk option, so you can set it for multiple users in one go.

Standard

Of course you don't want to keep checking which users have MFA and which do not. You can set the new Per User MFA standard. This standard allows you to set up MFA for all users that are missing it, report on it in our reporting engine, or alert on it when you need to know what's going on.

image

Other notable changes

  • Fixed an issue with exchange sometimes using the incorrect domain
  • Fixed an issue with SAM Wizard not completing without a hard refresh
  • Fixed an issue with blocked domains blocking access everywhere.

Sponsors

We extend our gratitude to our supporters at https://renroros.no, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com, https://rewst.io and our newest sponsor, https://traceless.io and of course https://augmentt.com!

What's Changed

Full Changelog: v5.8.0...v5.8.5