Easy Guide to Entra ID’s Registration Campaign Policy

Written by: Sami Refayet
Published: March 21, 2024

Video Transcript

Welcome to this tutorial. Today, we will discuss the Registration Campaign Policy, an initiative that encourages users to adopt a more robust authentication method, specifically the Microsoft Authenticator app.

Why is This Important?

This applies even to those who currently use regular SMS or phone authentication. The objective of this campaign is to compel users to reauthenticate using the Authenticator app. This requires users to download and authenticate exclusively through the app. However, the deployment details of this Authenticator app remain undisclosed, and it is not implemented through the Azure MFA policy or any third-party involvement.

Navigating the Microsoft Entra ID Center

Let’s navigate through this process. We’ll start at the Microsoft Entra ID Center, formerly known as the Azure AD Center. Scroll down to ‘Protection’, then proceed to ‘Authentication Methods’. On the left, you’ll find the ‘Registration Campaign’ tab. Click on it.

Setting Up the Registration Campaign Policy

The intention here is to establish a more secure method. You have the flexibility to exclude users in specific scenarios or if you don’t plan to introduce them to Microsoft Authenticator at this point.

In this section, you’ll notice options for ‘Days to Alert’, ‘Snooze Options’, and the limited number of attempts once the policies are enforced, which is three. The designated method is Microsoft Authenticator, the sole option at the top. Assume your users currently rely on SMS authentication.

Preparing for Future Authentication Standards

This campaign will prompt them to adopt the mobile authenticator, necessitating a download. There may be various reasons why you might hesitate to implement this at present. However, keep in mind that this will likely be the exclusive method of account authentication early next year, with Microsoft discontinuing other methods such as SMS. It serves as an effective way to train users.

Customizing the Registration Campaign Policy

For external users, you can selectively include or exclude users to test the mobile authenticator’s functionality. If you wish to modify the settings based on your requirements, click on ‘Edit’. There are three states: ‘Enabled’, ‘Disabled’, and ‘Microsoft Managed’. If Microsoft manages the feature, whether it is enabled or disabled depends on Microsoft’s decision, though you can choose to disable it if you prefer it not to be implemented in your tenant.

However, considering Microsoft Authenticator will be the sole means of authentication in a move towards passwordless for enhanced security, it’s advisable to test with a subset of users. To do this, click on ‘All Users’, and you’ll find the option to select specific groups. You can either create a user or a few users for testing purposes. Alternatively, exclude some users while including others by navigating to ‘Excluded Users and Groups’, adding specific users or searching for groups in your tenant.
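The same settings can be expressed as the Microsoft Graph request body for `PATCH /policies/authenticationMethodsPolicy`. The following is an added example, not part of the original tutorial: it builds that body for a pilot group with an exclusion and lists points to check before sending it. The function names and the group IDs are constructed for illustration; the script only prints the request and does not call Graph.

```python
import json

# Portal label -> Microsoft Graph advancedConfigState value.
STATE = {"Enabled": "enabled", "Disabled": "disabled", "Microsoft managed": "default"}
GRAPH_URL = "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy"


def build_campaign_patch(state, include_group="all_users", exclude_groups=(),
                         snooze_days=1, limit_snoozes=True):
    """Return the PATCH body for the registration campaign settings."""
    if state not in STATE:
        raise ValueError(f"state must be one of {sorted(STATE)}")
    if not 0 <= snooze_days <= 14:  # Graph accepts 0 to 14 days
        raise ValueError("snooze_days must be between 0 and 14")
    campaign = {
        "state": STATE[state],
        "snoozeDurationInDays": snooze_days,
        "enforceRegistrationAfterAllowedSnoozes": limit_snoozes,
        "includeTargets": [{"id": include_group, "targetType": "group",
                            "targetedAuthenticationMethod": "microsoftAuthenticator"}],
        "excludeTargets": [{"id": g, "targetType": "group"} for g in exclude_groups],
    }
    return {"registrationEnforcement": {"authenticationMethodsRegistrationCampaign": campaign}}


def review_campaign(body):
    """Return findings an admin should check before sending the PATCH."""
    c = body["registrationEnforcement"]["authenticationMethodsRegistrationCampaign"]
    included = {t["id"] for t in c["includeTargets"]}
    excluded = {t["id"] for t in c["excludeTargets"]}
    findings = []
    if c["state"] == "default":
        findings.append("state is Microsoft managed: Microsoft decides whether the campaign runs")
    if c["state"] != "disabled" and "all_users" in included:
        findings.append("campaign targets all users: consider a pilot group first")
    if included & excluded:
        findings.append("a group is both included and excluded")
    if not c["enforceRegistrationAfterAllowedSnoozes"]:
        findings.append("snoozes are unlimited: users can skip the prompt indefinitely")
    return findings


if __name__ == "__main__":
    # Constructed placeholder group IDs, not from a real tenant.
    pilot = "00000000-0000-0000-0000-0000000000a1"
    breakglass = "00000000-0000-0000-0000-0000000000b2"
    body = build_campaign_patch("Enabled", pilot, [breakglass], snooze_days=3)
    print("PATCH", GRAPH_URL)
    print(json.dumps(body, indent=2))
    print(review_campaign(body) or "no findings")
```

Sending the body requires a Graph token with the `Policy.ReadWrite.AuthenticationMethod` permission.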

Stay Ahead of Security Changes

This tool is valuable but can cause panic if you’re unaware of it and searching in conventional locations for the authenticator implementation yields no results. To delve deeper, you can refer to the article on the registration campaign policy, which should appear in your search. The prerequisites for this process are a Microsoft authentication tenant and an Authenticator app with a minimum version, typically already in use by most users.

For users already having Authenticator, testing is not possible since they are already on SMS or another method. Administrators will enable Azure MFA, and the user experience is crucial. The initial query is whether the user successfully authenticated using Microsoft Enterprise Multifactor Authentication. For instance, a user accustomed to SMS authentication logging in will now be prompted due to the enabled authentication registration campaign policy. They can choose to skip for now during the snooze time, which is three as indicated. This process essentially compels users to download the mobile authenticator app. Follow the steps to get them enrolled, and that concludes the process.

Partner with Us

I hope this explanation was helpful. If you’re looking for expert guidance in implementing Microsoft solutions or navigating security updates like the Registration Campaign Policy, look no further than 360 Visibility. As a leading Microsoft partner, we can help you secure your digital environment and ensure a smooth transition to the latest technologies. Contact us today to get started!