Microsoft is implementing system-preferred authentication for multi-factor authentication (MFA), where the most secure method will be presented first, followed by alternatives if the preferred method is unavailable.
- Azure Active Directory will select the most secure authentication method from the options the user has registered, in this order of preference: temporary access passes, certificate-based authentication, FIDO2 security keys, Microsoft Authenticator push notifications, and time-based one-time passwords.
- FIDO2 security keys on mobile devices and registration for certificate-based authentication are not supported when system-preferred authentication is enabled, but Microsoft is working on a fix.
- Microsoft is also addressing man-in-the-middle (MitM) attacks through its automatic attack disruption tool in Microsoft 365 Defender, which uses AI techniques to detect and disrupt cyberattacks.
- The automatic attack disruption feature now includes man-in-the-middle attacks, which intercept data between two parties and can bypass MFA to launch further attacks.
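As an added illustration (not Microsoft's code and not part of the original summary), the following Python model applies the selection rule described above: it walks the stated preference order, skips methods the user has not registered or cannot use at the moment, and applies the FIDO2-on-mobile restriction so the next strongest method is offered instead. The method names and the `on_mobile` flag are assumed labels for this example, not Azure AD identifiers.

```python
# Illustrative model of system-preferred MFA selection (added example,
# not Microsoft's implementation). Method names below are assumed labels.

# Strongest first, in the order given in the summary.
PREFERENCE_ORDER = [
    "temporary_access_pass",
    "certificate_based",
    "fido2_security_key",
    "authenticator_push",
    "totp",
]


def rank_methods(registered, available, on_mobile=False):
    """Return the methods to present, most secure first.

    registered: methods the user has enrolled.
    available:  methods usable right now (key plugged in, phone online, ...).
                A registered-but-unavailable method is skipped so that the
                next strongest one is offered, matching the fallback behaviour.
    on_mobile:  FIDO2 security keys on mobile devices are not supported under
                system-preferred authentication, so they are skipped there.
    Methods not in PREFERENCE_ORDER are not offered by this model (assumption).
    """
    ordered = []
    for method in PREFERENCE_ORDER:
        if method not in registered or method not in available:
            continue
        if method == "fido2_security_key" and on_mobile:
            continue
        ordered.append(method)
    return ordered


def preferred_method(registered, available, on_mobile=False):
    """The single method shown first, or None if nothing usable is registered."""
    ranked = rank_methods(registered, available, on_mobile)
    return ranked[0] if ranked else None


if __name__ == "__main__":
    # Constructed sample user: enrolled in a FIDO2 key, push and TOTP.
    enrolled = {"fido2_security_key", "authenticator_push", "totp"}
    print(rank_methods(enrolled, enrolled))                 # key first
    print(preferred_method(enrolled, enrolled, on_mobile=True))  # push on mobile
    print(preferred_method(enrolled, {"totp"}))             # fallback to TOTP
```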