Ok time is of essence! There is a ton on. Corp wise. Community wise. You may have seen it on social this week that Teams Nation is coming back. Yes, Vesku and I were asked many many times. And yes, we decided to get onboard that crazy train again. But whilst it may seem like an eon away given it's February 2024 and a million things will happen between now and then; you'll have to believe me when I say that I'll soon be sitting here the weekend prior doing last minute speaker checks. So this week is a real quick one. And it's really following on from the blogs on Entra that I have covered the past few weeks. This is looking at System Preferred MFA in the context of Teams. So what is it? By definition, 'System-preferred multifactor authentication (SPMFA) prompts users to sign in using the most secure method they registered'. In other words, if you have registered Authenticator and SMS as two methods to sign-in using MFA then SPMFA is going to prioritise the more secure method which is Authenticator over SMS. It doesn't stop the choice of the other, but it does set precedence when signing into an app such as Teams or into the Microsoft 365 portal. Why is this important? Two reasons. The first is as described - it sets the most secure sign in method and that's ultimately what we as admins want to see for our users in Teams. The second is that by setting precedence, this could facilitate user behavioural change over time, with a view to removing less secure registered methods in the future. Now this feature should be set to enabled by default in time, but today in my Ring 4 test tenant it's set to Microsoft Managed. Could be lit up. May not. But it's not enabled. So here's a twist. Lets enable the methods for Authenticator and SMS, then enrol to MFA, then enable System-preferred MFA by default. Just for laughs, but also because I have a nice fresh tenant after my old one went into grace 😀