No More Views Over Rio
Office 365 notification MC204985 published on February 27 brings the news that Microsoft is updating the default background image displayed when users sign into Azure Active Directory. The change is being made to reduce the bandwidth consumed by the view of Rio de Janeiro (Figure 1).
According to Microsoft roadmap item 61054, the new image is “1% the size of the previous default image which will reduce bandwidth requirements and improve perceived page load times.” The change is intended to benefit users in bandwidth-constrained locations. Deployment starts in early April and full deployment should be achieved in early May.
Important to Tell Users
Normally the change in a background image isn’t worth commenting upon, but given the number of phishing attempts that trick unwary users into entering their credentials into a false site, it’s important that people are informed about the change and expect to see the new slimmed-down background image, which is startlingly different in its plainness (Figure 2).
Do It Yourself Sign-In Backgrounds
A sign-in to Azure Active Directory has two phases: collect the username and then collect the password. The screens displayed differ depending on what you connect to:
- If you connect using a generic URL for an Office 365 service, like outlook.office.com, the Azure Active Directory sign-in page first captures the username and then captures the password. This is the page that is changing.
- If you connect using a domain variable, like outlook.office.com/office365itpros.com, Azure Active Directory checks if branding is specified for the tenant and applies it when displaying pages to collect the username and then the password.
Tenants that add customized elements for the sign-in page, usually some branding elements like logos or corporate colors, don’t need to recustomize their sign-in page after Microsoft updates the Azure Active Directory sign-in page.
Applying custom branding is easy to do. I created the effect shown in Figure in less than ten minutes. The trick is to select the graphics you need in advance and make sure that they are the right dimensions (1920 x 1080 pixels for the background, less than 300 KB).
The availability of FIDO2 keys has authentication easier for me recently. I have keys for both USB and USB-C from eWBM (Goldengate G310 and G320) and Yubico. Both work really well as a second source for multi-factor authentication against Azure Active Directory. Instead of receiving a code via SMS when prompted to authenticate, I plug a key into my PC to make Azure Active Directory happy…
Understanding Azure Active Directory Authentication
All of which brings me to the topic of authentication. Understanding how the authentication flow works from the time that someone sees the sign-in screen through MFA challenges and so on to reach an application is important knowledge. As we move from the era of basic authentication (simple) to modern authentication (different), it’s a good idea to refresh what we know about this important topic.
A series of videos featuring Stuart Kwan, Principal Program Manager in the Microsoft Identity Division explain how Azure Active Directory authentication works. These videos are available:
The topic of modern authentication is dealt with in:
Good stuff and worth viewing.
The Office 365 for IT Pros eBook covers Azure Active Directory in its own chapter. Lots of good information written by a master of directories.