


Louis Mastelinck, a Microsoft MVP and Security Consultant at Proximus NXT, joins me to discuss the critical journey of moving organizations away from SMS-based MFA.
We deep dive into a practical strategy for migrating users to the Authenticator app, starting with "stopping the bleed" and managing user groups. We also explore a significant security blind spot regarding Email OTP for SharePoint guest access and how to resolve it.
Finally, we debate the future of authentication with device-bound versus synced Passkeys and how to defend against downgrade attacks.
Subscribe with your favorite podcast player or watch on YouTube
About Louis Mastelinck
Louis Mastelinck is a Security Consultant at Proximus NXT and a recognized Microsoft MVP based in Belgium. Specializing in Incident Response and the full Microsoft Security stack (including MDE, MDO, Sentinel, and Identity Management), he is dedicated to neutralizing threats and securing digital environments. A GCFA-certified professional, Louis is known for his deep technical expertise in areas like Conditional Access and authentication methods.
LinkedIn - https://www.linkedin.com/in/louismastelinck/
Related Links
* Microsoft: Hang up on SMS - http://aka.ms/hangup
Chapters
00:00 Intro
00:52 Props and PIM
01:41 The Dangers of SMS MFA
04:51 Strategy: Stopping the Bleed
10:06 Migrating Existing Users off SMS
19:20 Impact on Self-Service Password Reset
22:39 The SharePoint Email OTP Security Gap
25:13 Enabling Entra B2B Integration
34:28 Passkeys: Device-Bound vs Synced
44:40 Defending Against MFA Downgrade Attacks
Podcast Apps
Entra.Chat - https://entra.chat
Apple Podcast - https://entra.chat/apple
YouTube - https://entra.chat/youtube
Spotify - https://entra.chat/spotify
Overcast - https://entra.chat/overcast
Pocketcast - https://entra.chat/pocketcast
Others - https://entra.chat/rss
Merill's socials
YouTube - youtube.com/@merillx
LinkedIn - linkedin.com/in/merill
Twitter - twitter.com/merill
TikTok - tiktok.com/@merillf
Bluesky - bsky.app/profile/merill.net
Mastodon - infosec.exchange/@merill
Threads - threads.net/@merillf
GitHub - github.com/merill
By Merill Fernando