On September 30th Microsoft will only support a new unified multi-factor authentication control configuration. What does this mean for your nonprofit?
In March 2023 Microsoft announced that after September 30th, 2025, they would no longer automatically support “legacy” multi-factor authentication controls in the Microsoft 365 Entra ID and General Admin administration portals. The methods your staff are using now will not automatically roll over to be allowed via the new admin dashboard after that date. Steve Longenecker, Community IT’s Director of IT Consulting, explains to Carolyn the implications for nonprofits of this change and the Microsoft unified security administration deadline.
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
The takeaways:
- The new unified authentication dashboard is available now to Microsoft 365 admins.
- The new Authentication Methods page does not inherit methods allowed in the legacy controls. An administrator needs to manually enable the MFA methods your organization wants to allow. Old MFA options your staff are using now will not roll over automatically to the new dashboard.
- Microsoft and Community IT are pushing admins to use this opportunity to to exclude less secure MFA methods. Community IT advises against allowing SMS texting and one-time codes sent to personal email addresses as MFA methods.
- You can upgrade and implement the new MFA and password reset options at any time, and we advise you to do this before September 30, whether or not Microsoft grants an extension of the deadline.
- If you just started using Microsoft 365 for Nonprofits, you don’t need to worry about the deadline because your initial configuration would already be using the new Authentication Methods page. If you haven’t made the change or don’t know, you need to check before September 30, 2025.
- This change is visible only to Microsoft administrators, who should be making the change and informing staff where appropriate. If you are a nonprofit leader or board member and have not heard from your IT Director or outsourced IT, check with them to understand the plan for your organization. If you are a nonprofit staffer, pay attention to directions on using the safest MFA to protect your nonprofit.
- While not directly impacted by this deadline from Microsoft, Carolyn and Steve discuss the importance of “phish-resistant” MFA, preventing Attacker-in-the-Middle (AitM) attacks, for executives and staff working in finance, IT and other highly targeted areas of your operations.
NOTE: The timelines on Microsoft changes do sometimes shift, and we are working to keep you updated. Please check for the most recent blog or podcast from us to ensure you have the most recent update.
Microsoft Unified Security Administration Deadline Approaching
Steve Longenecker on how to tackle the upcoming update to Microsoft’s methods of managing MFA at your nonprofit.
Check back for our latest updates on the podcast and blog to understand any changes to Microsoft’s policies for unified security administration deadlines.
Presenters
As Director of IT Consulting, Steve Longenecker divides his time at Community IT primarily between managing the company’s Projects Team and consulting with clients on IT planning. Steve brings a deep background in IT support and strategic IT management experience to his work with clients. His thoughtful and empathetic demeanor helps non-technical nonprofit leaders manage their IT projects and understand the Community IT partnership approach.
Steve also specializes in Information Architecture and migrations, implementations, file-sharing platforms, collaboration tools, and Google Workspace support. His knowledge of nonprofit budgeting and management styles make him an invaluable partner in technology projects.
Steve is MCSE and Microsoft 365 Fundamentals MS 900 certified and is a certified Professional Google Workspace Administrator. He has a B.A. in Biology from Earlham College in Richmond, IN and a Masters in the Art of Teaching from Tufts University in Massachusetts.
Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.
She was happy to have this podcast conversation with Steve about the Microsoft unified security administration deadline approaching.
Ready to get strategic about your IT?
Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap if you don’t have an in-house IT Director.
We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. And we don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand. When you are worried about productivity, change management, and implementation of new technology, you shouldn’t also have to worry about understanding your provider. You want a partner who understands nonprofits.
We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.
More on our Managed Services here. More resources on Microsoft tools used by nonprofits here.
If you’re ready to gain peace of mind about your IT support, let’s talk.
Transcript coming soon
Photo by Max Harlynking on Unsplash