
Entra.Chat

How to Kill SMS MFA in Entra ID Without a Single Script

20 Dec 2025

Description

Louis Mastelinck, a Microsoft MVP and Security Consultant at Proximus NXT, joins me to discuss the critical journey of moving organizations away from SMS-based MFA.

We deep dive into a practical strategy for migrating users to the Authenticator app, starting with “stopping the bleed” and managing user groups. We also explore a significant security blind spot regarding Email OTP for SharePoint guest access and how to resolve it. Finally, we debate the future of authentication with device-bound versus synced Passkeys and how to defend against downgrade attacks.

Subscribe with your favorite podcast player or watch on YouTube 👇

About Louis Mastelinck

Louis Mastelinck is a Security Consultant at Proximus NXT and a recognized Microsoft MVP based in Belgium. Specializing in Incident Response and the full Microsoft Security stack (including MDE, MDO, Sentinel, and Identity Management), he is dedicated to neutralizing threats and securing digital environments. A GCFA-certified professional, Louis is known for his deep technical expertise in areas like Conditional Access and authentication methods.

LinkedIn - https://www.linkedin.com/in/louismastelinck/

🔗 Related Links

* Microsoft: Hang up on SMS - http://aka.ms/hangup

📗 Chapters

00:00 Intro
00:52 Props and PIM
01:41 The Dangers of SMS MFA
04:51 Strategy: Stopping the Bleed
10:06 Migrating Existing Users off SMS
19:20 Impact on Self-Service Password Reset
22:39 The SharePoint Email OTP Security Gap
25:13 Enabling Entra B2B Integration
34:28 Passkeys: Device-Bound vs Synced
44:40 Defending Against MFA Downgrade Attacks

Podcast Apps

🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss

Merill’s socials

📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
