Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Take the survey
Reply
alorenzen
Level 3 Contributor
‎06-27-2019 10:26 AM
Level 3 Contributor
‎06-27-2019 10:26 AM

How the "Baseline policy: End user protection" will effect SMTP devices/printers

Since enabling the Baseline policy: End user protection will hit all users, how does one comply with MFA yet still allow printers to send scans as attachments over SMTP? We are a partner manager with access to the partner center portal. I understand that we can create a new policy that excludes a user (the printer) but from my understanding the requirement is to get all users in our org to comply, including the printer.

Reply
23 REPLIES 23
JeremyTBradshaw
Level 2 Contributor
‎02-17-2020 03:39 AM
Level 2 Contributor
In response to JanoschUlmer
‎02-17-2020 03:39 AM

@JanoschUlmer thanks for the concise answer and clear distinction about how legacy authentication is involved and how Security Defaults will behave.

On a side note, I noticed Azure AD Sign-Ins is only available in AAD Premium P1 and above. It would be nice if this was available to Azure AD Free customers so they can know if they have any clients using legacy auth., before they flip the switch on Security Defaults. I know the Sign-Ins data is available because individuals can see their own through My Sign-Ins. So it's something I've asked for on uservoice. It's kind of mean trick the way it is now.
Reply
0 Kudos
JanoschUlmer
Microsoft
‎02-17-2020 09:30 AM
Microsoft
In response to JeremyTBradshaw
‎02-17-2020 09:30 AM

Good feedback, I agree with you that it would be great not to require Premium to check the sign-in logs.

 

BTW - the data is available without Premium licenses in the Graph beta version. And this is why this powershell does give the sign-in data even without AAD premium, it uses Graph Beta:

https://docs.microsoft.com/en-us/powershell/module/partnercenter/get-partnerusersigninactivity?view=partnercenterps-3.0

Mybe there is even some way to filter for legacy auth, have not tried.

Kind regards,
Janosch
Get consultations form Technical Presales & Deployment services team via https://aka.ms/technicalservices
Reply
JeremyTBradshaw
Level 2 Contributor
‎02-18-2020 09:37 AM
Level 2 Contributor
In response to JanoschUlmer
‎02-18-2020 09:37 AM

@JanoschUlmer Fantastic! I was hoping to find something like that. This is real and great value add for partners supporting their customers.
Reply
0 Kudos
Follow Us
    Share