Table of Contents
No More Views Over Rio
Office 365 notification MC204985 published on February 27 brings the news that Microsoft is updating the default background image displayed when users sign into Azure Active Directory. The change is being made to reduce the bandwidth consumed by the view of Rio de Janeiro (Figure 1).
According to Microsoft roadmap item 61054, the new image is “1% the size of the previous default image which will reduce bandwidth requirements and improve perceived page load times.” The change is intended to benefit users in bandwidth-constrained locations. Deployment starts in early April and full deployment should be achieved in early May.
Important to Tell Users
Normally the change in a background image isn’t worth commenting upon, but given the number of phishing attempts that trick unwary users into entering their credentials into a false site, it’s important that people are informed about the change and expect to see the new slimmed-down background image, which is startlingly different in its plainness (Figure 2).
Do It Yourself Sign-In Backgrounds
A sign-in to Azure Active Directory has two phases: collect the username and then collect the password. The screens displayed differ depending on what you connect to:
- If you connect using a generic URL for an Office 365 service, like outlook.office.com, the Azure Active Directory sign-in page first captures the username and then captures the password. This is the page that is changing.
- If you connect using a domain variable, like outlook.office.com/office365itpros.com, Azure Active Directory checks if branding is specified for the tenant and applies it when displaying pages to collect the username and then the password.
Tenants that add customized elements for the sign-in page, usually some branding elements like logos or corporate colors, don’t need to recustomize their sign-in page after Microsoft updates the Azure Active Directory sign-in page.
Applying custom branding is easy to do. I created the effect shown in Figure in less than ten minutes. The trick is to select the graphics you need in advance and make sure that they are the right dimensions (1920 x 1080 pixels for the background, less than 300 KB).
FIDO2 Keys
The availability of FIDO2 keys has authentication easier for me recently. I have keys for both USB and USB-C from eWBM (Goldengate G310 and G320) and Yubico. Both work really well as a second source for multi-factor authentication against Azure Active Directory. Instead of receiving a code via SMS when prompted to authenticate, I plug a key into my PC to make Azure Active Directory happy…
Understanding Azure Active Directory Authentication
All of which brings me to the topic of authentication. Understanding how the authentication flow works from the time that someone sees the sign-in screen through MFA challenges and so on to reach an application is important knowledge. As we move from the era of basic authentication (simple) to modern authentication (different), it’s a good idea to refresh what we know about this important topic.
A series of videos featuring Stuart Kwan, Principal Program Manager in the Microsoft Identity Division explain how Azure Active Directory authentication works. These videos are available:
Authentication fundamentals: The basics | Azure Active Directory
Authentication fundamentals: Web applications | Azure Active Directory
Authentication fundamentals: Web single sign-on | Azure Active Directory
Authentication fundamentals: Federation | Azure Active Directory
The topic of modern authentication is dealt with in:
Authentication fundamentals: Native client applications- Part 1 | Azure Active Directory
and
Authentication fundamentals: Native client applications- Part 2 | Azure Active Directory
Good stuff and worth viewing.
The Office 365 for IT Pros eBook covers Azure Active Directory in its own chapter. Lots of good information written by a master of directories.
I would prefer it to be monochrome instead of mimicking MS logo colors. Also, dark mode enthusiast voice their concerns with this light bg blasting at their eyes at night 🙂
Office went from a view of the sunset, to “need some sun in your eyes, bro!” As with us, a lot of people use Office for professional reasons. And I get MS wanted to white-wash the professional into the UI, but this is too gentrified for anybody! I engineer AI for a living, and this is too boring even for me!
So create your own background…. and then convince your tenant to deploy it!
The list of supplies for Fido keys seems to be growing – as does the variety of features available (form factor, Fido, Fido2 etc). More recently there have been Fido keys wth NFC capability ( https://deepnetsecurity.com/authenticators/fido-u2f/ ), and even some that are bluetooth capable, but possibly the best news is if you have a recent version of android then your phone itself can be used as a Fido device.