On September 30th Microsoft will only support a new unified multi-factor authentication control configuration. What does this mean for your nonprofit?

In March 2023 Microsoft announced that after September 30th, 2025, they would no longer automatically support “legacy” multi-factor authentication controls in the Microsoft 365 Entra ID and General Admin administration portals. The methods your staff are using now will not automatically roll over to be allowed via the new admin dashboard after that date. Steve Longenecker, Community IT’s Director of IT Consulting, explains to Carolyn the implications for nonprofits of this change and the Microsoft unified security administration deadline.

The takeaways:

• The new unified authentication dashboard is available now to Microsoft 365 admins.
• The new Authentication Methods page does not inherit methods allowed in the legacy controls. An administrator needs to manually enable the MFA methods your organization wants to allow. Old MFA options your staff are using now will not roll over automatically to the new dashboard.
• Microsoft and Community IT are pushing admins to use this opportunity to to exclude less secure MFA methods. Community IT advises against allowing SMS texting and one-time codes sent to personal email addresses as MFA methods. 
• You can upgrade and implement the new MFA and password reset options at any time, and we advise you to do this before September 30, whether or not Microsoft grants an extension of the deadline.
• If you just started using Microsoft 365 for Nonprofits, you don’t need to worry about the deadline because your initial configuration would already be using the new Authentication Methods page. If you haven’t made the change or don’t know, you need to check before September 30, 2025.
• This change is visible only to Microsoft administrators, who should be making the change and informing staff where appropriate. If you are a nonprofit leader or board member and have not heard from your IT Director or outsourced IT, check with them to understand the plan for your organization. If you are a nonprofit staffer, pay attention to directions on using the safest MFA to protect your nonprofit.
• While not directly impacted by this deadline from Microsoft, Carolyn and Steve discuss the importance of “phish-resistant” MFA, preventing Attacker-in-the-Middle (AitM) attacks, for executives and staff working in finance, IT and other highly targeted areas of your operations. 

NOTE: The timelines on Microsoft changes do sometimes shift, and we are working to keep you updated. Please check for the most recent blog or podcast from us to ensure you have the most recent update.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.