Account Recovery Made Simple with Entra

-

We have all been there: you have a user that needs to have their account recovered, whether it be over the phone, an email, carrier pigeon, etc. However, we do not have a surefire way to verify their identity. Sure, you can send a follow-up email and ask for them to include their photo ID, assuming you're bold enough to click on that attachment that is definitely the real person and not malware. Once you've done that, now you have five more tickets that have just piled up in your queue and your boss wants to know about that project you're working on.

Sound familiar? Well, this is a common issue that plagues a lot of IT teams and results in the loss of productivity as well as revenue. 30% to be precise. Only if there was a way to take the administrative load off of the IT staff, and give control back to the user, all within a compliant environment... Look no more! Now, Microsoft has unveiled the next step in verifying user identities by using real credentials and facial recognition, making the challenge phase of authentication much easier and streamlined. In this article, we'll talk about this amazing new feature in further detail and I will show you how YOU can start using it right now.

How does it work exactly?

As mentioned in the previous part of this article, it works by providing the user the ability to verify their identity using government-issued photo identification or credentials. This in turn is then processed by an identity proofing service that is authorized by Microsoft to handle identification data. Microsoft in this case looks to the proofing service, to validate your face against your government issued photo ID and notify Microsoft if there's a successful match. If there is, your identity is validated and you can begin the process of recovering your account.

The good thing about this new feature is that you are not landlocked into picking a proofing service. You have the option to choose between four services based on your security needs and budget. Luckily, these proofing services do provide some evaluation options with your a couple allowing you to complete 100 transactions for free. In turn, allowing you to fully understand how it works before you begin using it. Any transactions besides this are based on a per-transaction model.

How do I start?

To begin using this new feature, you must begin by going to the Entra portal and scrolling down to the Account recovery (preview) tab in the Entra blade:

Once you have clicked on this button, you will then be given the ability to read more on how it works through a walkthrough, as well as get started. Click on this link to begin the enrolment process:

Now you will be given the option to choose your recovery mode. If this is your first time using this service, I recommend that you try the evaluation mode first so that you can get a sense of the process and how it works. Click "Next" to continue:

I personally recommend using the Evaluation mode so that you can become familiar with how it works and fully assess if it is a good fit for your organization. It is safe for testing and will not change anything. For the sake of demonstration, I chose this option. Now, you will be given the option to choose what groups you would like to include or exclude in the recovery process. Specify the group, then press "Next" to continue:

It is important to note that there is a cost per-transaction. However, each of the proofing services do allow you to evaluate with free trials or free verifications which is great for trying it out. Once you're satisfied with your proofing service, you can then press "Review" and be ready to verify within minutes:

Final Thoughts

Account recovery through verified identification is an excellent way to reduce the stress on your frontline teams, and allow for a truly secure way to recover accounts without the overhead. Give it a try and let me know how you did!

Until next week folks!

Comments

Post a Comment

Popular posts from this blog

Using Power Automate to Update Contact Information

-
 We've all been there- you have a large organization who has out-of-date contact information. What do you do? You could go around to each department and ask them nicely to update their information, or send out an org-wide email prompting people to do so. However, this is tedious and oftentimes a pointless task. By the time you update one department, you're running to fix another. What if you could put the power back in the department's hands to do so? This is a struggle I faced recently as I was trying to find was I could conjure up some updated contact information for each department. As I did my research, I found that I was not alone in this endeavour as it seems that many IT professionals would love to make this process a little bit less painful. With this in mind, I introduce to you my latest flow! This flow will allow you to encourage users to update their contact information, without the overhead that comes with manual effort. In addition to this, this flow utilizes t...
Read more

Using Custom Connectors and Microsoft Graph API's to Manage Licenses in Power Automate - Part One

-
Happy June folks! I come to you with another post, but this time I wanted to change it up and show you something else I have just finished working on. As a SysAdmin, one of the most common issues we run into is managing licenses. Working at a post-secondary institution makes this an even greater challenge, as you have both students, staff and faculty constantly coming as well as going. Managing to keep up with this constant change can introduce great administrative overhead which takes away time from important upkeep of other systems and initiatives. You may also notice this same issue in large corporations or in other government organizations. To help combat this, I wanted to create a flow that can do the following: Get the user and their licenses Determine their last sign-in and the date Conditional to determine if the user is past the "cutoff" date Remove the user from a group where the license is assigned The only problem with doing this is that Power Automate does not ha...
Read more

Using Custom Connectors and Microsoft Graph API's to Manage Licenses in Power Automate - Part Two

-
Hello again! Didn't I promise you that I'd be back to wrap this up? Well, here I am to give you the second tidbit of information that you need to get this started. If you haven't already, take a look at my previous post where I go into depth about creating a custom connector in Power Automate to retrieve the latest sign-in and also gather the user's licenses. Now that we have the custom connector ready, we can now get into the meat n' potatoes of this series. In this post, I will show you the flow that makes this possible and how you can use the custom connector you have created to tie it all together! Hope you enjoy. Understanding the Logic Before we can begin creating the flow, we should first understand how the flow will work. I designed this to flow to be triggered manually, but you may want to schedule it or use another trigger. The trigger will depend on your organization's policies, so please adjust accordingly. Once triggered, the flow will use the Entra...
Read more