Sign up to save your podcasts
Or
Share How to Kill SMS MFA in Entra ID Without a Single Script
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How to Kill SMS MFA in Entra ID Without a Single Script
Louis Mastelinck, a Microsoft MVP and Security Consultant at Proximus NXT, joins me to discuss the critical journey of moving organizations away from SMS-based MFA.
We deep dive into a practical strategy for migrating users to the Authenticator app, starting with “stopping the bleed” and managing user groups. We also explore a significant security blind spot regarding Email OTP for SharePoint guest access and how to resolve it.
Finally, we debate the future of authentication with device-bound versus synced Passkeys and how to defend against downgrade attacks.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Louis Mastelinck
Louis Mastelinck is a Security Consultant at Proximus NXT and a recognized Microsoft MVP based in Belgium. Specializing in Incident Response and the full Microsoft Security stack (including MDE, MDO, Sentinel, and Identity Management), he is dedicated to neutralizing threats and securing digital environments. A GCFA-certified professional, Louis is known for his deep technical expertise in areas like Conditional Access and authentication methods.
LinkedIn - https://www.linkedin.com/in/louismastelinck/
🔗 Related Links
* Microsoft: Hang up on SMS - http://aka.ms/hangup
📗 Chapters
00:00 Intro
00:52 Props and PIM
01:41 The Dangers of SMS MFA
04:51 Strategy: Stopping the Bleed
10:06 Migrating Existing Users off SMS
19:20 Impact on Self-Service Password Reset
22:39 The SharePoint Email OTP Security Gap
25:13 Enabling Entra B2B Integration
34:28 Passkeys: Device-Bound vs Synced
44:40 Defending Against MFA Downgrade Attacks
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
View all episodes
By Merill Fernando
5
55 ratings
Louis Mastelinck, a Microsoft MVP and Security Consultant at Proximus NXT, joins me to discuss the critical journey of moving organizations away from SMS-based MFA.
We deep dive into a practical strategy for migrating users to the Authenticator app, starting with “stopping the bleed” and managing user groups. We also explore a significant security blind spot regarding Email OTP for SharePoint guest access and how to resolve it.
Finally, we debate the future of authentication with device-bound versus synced Passkeys and how to defend against downgrade attacks.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Louis Mastelinck
Louis Mastelinck is a Security Consultant at Proximus NXT and a recognized Microsoft MVP based in Belgium. Specializing in Incident Response and the full Microsoft Security stack (including MDE, MDO, Sentinel, and Identity Management), he is dedicated to neutralizing threats and securing digital environments. A GCFA-certified professional, Louis is known for his deep technical expertise in areas like Conditional Access and authentication methods.
LinkedIn - https://www.linkedin.com/in/louismastelinck/
🔗 Related Links
* Microsoft: Hang up on SMS - http://aka.ms/hangup
📗 Chapters
00:00 Intro
00:52 Props and PIM
01:41 The Dangers of SMS MFA
04:51 Strategy: Stopping the Bleed
10:06 Migrating Existing Users off SMS
19:20 Impact on Self-Service Password Reset
22:39 The SharePoint Email OTP Security Gap
25:13 Enabling Entra B2B Integration
34:28 Passkeys: Device-Bound vs Synced
44:40 Defending Against MFA Downgrade Attacks
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
More shows like Entra.Chat
View all
StarTalk Radio
14,338 Listeners
The Infinite Monkey Cage
2,061 Listeners
WSJ Tech News Briefing
1,655 Listeners
Risky Business
371 Listeners
Down the Security Rabbithole Podcast (DtSR)
98 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
Click Here
421 Listeners
Microsoft Cloud IT Pro Podcast
64 Listeners
Darknet Diaries
8,088 Listeners
Hacking Humans
316 Listeners
Three Buddy Problem
61 Listeners
Hybrid Identity Protection Podcast
3 Listeners
CISO Tradecraft®
49 Listeners
Risky Bulletin
44 Listeners
Critical Thinking - Bug Bounty Podcast
56 Listeners