{"id":62268,"date":"2023-07-31T11:27:10","date_gmt":"2023-07-31T09:27:10","guid":{"rendered":"https:\/\/www.bestonline.cz\/?p=62268"},"modified":"2023-07-31T11:27:59","modified_gmt":"2023-07-31T09:27:59","slug":"povinna-migrace-zasad-vicefaktoroveho-overovani-a-samoobsluzneho-resetovani-hesla","status":"publish","type":"post","link":"https:\/\/www.bestonline.cz\/povinna-migrace-zasad-vicefaktoroveho-overovani-a-samoobsluzneho-resetovani-hesla\/","title":{"rendered":"Povinn\u00e1 migrace z\u00e1sad v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed a samoobslu\u017en\u00e9ho resetov\u00e1n\u00ed hesla"},"content":{"rendered":"\n

Od 30. z\u00e1\u0159\u00ed 2024 budou star\u0161\u00ed z\u00e1sady v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed a samoobslu\u017en\u00e9ho resetov\u00e1n\u00ed hesla zastaral\u00e9 a v\u0161echny st\u00e1vaj\u00edc\u00ed metody ov\u011b\u0159ov\u00e1n\u00ed se budou se nad\u00e1le spravovat pouze v nov\u00fdch z\u00e1sad\u00e1ch metod ov\u011b\u0159ov\u00e1n\u00ed v Microsoft Entra (d\u0159\u00edve Azure Active Directory nebo zkr\u00e1cen\u011b Azure AD). <\/p>\n\n\n\n

Microsoft za t\u00edmto \u00fa\u010delem zprovoznil ovl\u00e1dac\u00ed prvek, kter\u00fdm m\u016f\u017eete spravovat migraci ze star\u0161\u00edch z\u00e1sad na nov\u00e9 sjednocen\u00e9 z\u00e1sady.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Jak se p\u0159ipravit?<\/h2>\n\n\n\n

1. Zkontrolujte star\u0161\u00ed z\u00e1sady v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed<\/h3>\n\n\n\n

Za\u010dn\u011bte dokumentov\u00e1n\u00edm metod, kter\u00e9 jsou dostupn\u00e9 ve star\u0161\u00edch z\u00e1sad\u00e1ch MFA. P\u0159ihlaste se k\u00a0Azure Portal<\/a>\u00a0jako\u00a0glob\u00e1ln\u00ed spr\u00e1vce<\/a>. Pokud chcete zobrazit nastaven\u00ed, p\u0159ejd\u011bte na U\u017eivatel\u00e9<\/strong>>V\u0161ichni u\u017eivatel\u00e9<\/strong>>V\u00edcefaktorov\u00e9<\/strong> ov\u011b\u0159ov\u00e1n\u00ed<\/strong>. P\u0159epn\u011bte se do nastaven\u00ed platn\u00e9 pro cel\u00e9ho tenanta:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

U ka\u017ed\u00e9 metody si v\u0161imn\u011bte, jestli je pro tenanta povolen\u00e1. N\u00e1sleduj\u00edc\u00ed tabulka uv\u00e1d\u00ed metody dostupn\u00e9 ve star\u0161\u00edch z\u00e1sad\u00e1ch v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed a odpov\u00eddaj\u00edc\u00ed metody v z\u00e1sad\u00e1ch metody ov\u011b\u0159ov\u00e1n\u00ed.<\/p>\n\n\n\n

Z\u00e1sady v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed<\/th>Z\u00e1sady metody ov\u011b\u0159ov\u00e1n\u00ed<\/th><\/tr><\/thead>
Vol\u00e1n\u00ed na telefon<\/td>hlasov\u00e9 hovory<\/td><\/tr>
Textov\u00e1 zpr\u00e1va na telefon<\/td>SMS<\/td><\/tr>
Ozn\u00e1men\u00ed prost\u0159ednictv\u00edm mobiln\u00ed aplikace<\/td>Microsoft Authenticator<\/td><\/tr>
Ov\u011b\u0159ovac\u00ed k\u00f3d z mobiln\u00ed aplikace nebo hardwarov\u00e9ho tokenu<\/td>Softwarov\u00e9 tokeny OATH t\u0159et\u00edch stran
Hardwarov\u00e9 tokeny OATH (zat\u00edm nejsou k dispozici)
Microsoft Authenticator<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

2. Projd\u011bte si star\u0161\u00ed z\u00e1sady samoobslu\u017en\u00e9ho resetov\u00e1n\u00ed hesla.<\/h3>\n\n\n\n

Pokud chcete z\u00edskat metody ov\u011b\u0159ov\u00e1n\u00ed dostupn\u00e9 ve star\u0161\u00edch z\u00e1sad\u00e1ch SSPR, p\u0159ejd\u011bte na Metody ov\u011b\u0159ov\u00e1n\u00ed<\/strong>\u00a0pro Resetov\u00e1n\u00ed hesla<\/strong> v p\u016fvodn\u00edm Azure Active Directory<\/strong>. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Poznamenejte si, kte\u0159\u00ed u\u017eivatel\u00e9 jsou v rozsahu pro SSPR (v\u0161ichni u\u017eivatel\u00e9, jedna konkr\u00e9tn\u00ed skupina nebo \u017e\u00e1dn\u00ed u\u017eivatel\u00e9) a metody ov\u011b\u0159ov\u00e1n\u00ed, kter\u00e9 m\u016f\u017eou pou\u017e\u00edt. I kdy\u017e bezpe\u010dnostn\u00ed ot\u00e1zky je\u0161t\u011b nejsou k dispozici ke spr\u00e1v\u011b v z\u00e1sad\u00e1ch Metody ov\u011b\u0159ov\u00e1n\u00ed, nezapome\u0148te si je zaznamenat na pozd\u011bji, a\u017e budou.<\/p>\n\n\n\n

Metody ov\u011b\u0159ov\u00e1n\u00ed SSPR<\/th>Z\u00e1sady metody ov\u011b\u0159ov\u00e1n\u00ed<\/th><\/tr><\/thead>
Ozn\u00e1men\u00ed v mobiln\u00ed aplikaci<\/td>Microsoft Authenticator<\/td><\/tr>
K\u00f3d mobiln\u00ed aplikace<\/td>Microsoft Authenticator
Softwarov\u00e9 tokeny OATH<\/td><\/tr>
E-mail<\/td>Email jednor\u00e1zov\u00e9 heslo<\/td><\/tr>
Mobiln\u00ed telefon<\/td>hlasov\u00e9 hovory
SMS<\/td><\/tr>
Telefon do kancel\u00e1\u0159e<\/td>hlasov\u00e9 hovory<\/td><\/tr>
Bezpe\u010dnostn\u00ed ot\u00e1zky<\/td>Zat\u00edm nen\u00ed k dispozici; ot\u00e1zky t\u00fdkaj\u00edc\u00ed se kop\u00edrov\u00e1n\u00ed pro pozd\u011bj\u0161\u00ed pou\u017eit\u00ed<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

3. Zkontrolujte z\u00e1sady metod ov\u011b\u0159ov\u00e1n\u00ed<\/h3>\n\n\n\n

Pokud chcete zkontrolovat nastaven\u00ed v z\u00e1sad\u00e1ch Metody ov\u011b\u0159ov\u00e1n\u00ed, p\u0159ihlaste se jako\u00a0spr\u00e1vce z\u00e1sad ov\u011b\u0159ov\u00e1n\u00ed<\/a>\u00a0a p\u0159ejd\u011bte na Z\u00e1sady metod <\/strong>ov\u011b\u0159ov\u00e1n\u00ed <\/strong>v Azure Active Directory<\/strong>. Ka\u017ed\u00fd nov\u00fd tenant m\u00e1 ve sv\u00e9m v\u00fdchoz\u00edm nastaven\u00ed v\u0161echny metody\u00a0vypnut\u00e9<\/strong>, co\u017e usnad\u0148uje migraci, proto\u017ee star\u0161\u00ed nastaven\u00ed z\u00e1sad nen\u00ed pot\u0159eba slou\u010dit se st\u00e1vaj\u00edc\u00edmi nastaven\u00edmi.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Z\u00e1sady metod ov\u011b\u0159ov\u00e1n\u00ed maj\u00ed dal\u0161\u00ed metody, kter\u00e9 nejsou ve star\u0161\u00edch verz\u00edch z\u00e1sad dostupn\u00e9, jako je kl\u00ed\u010d zabezpe\u010den\u00ed FIDO2, do\u010dasn\u00fd p\u0159\u00edstup a Azure AD ov\u011b\u0159ov\u00e1n\u00ed na z\u00e1klad\u011b certifik\u00e1tu. Tyto metody nejsou v rozsahu migrace, a pokud jste je u\u017e nakonfigurovali, nebudete je muset nijak m\u011bnit.<\/p>\n\n\n\n

Pokud jste v z\u00e1sad\u00e1ch Metody ov\u011b\u0159ov\u00e1n\u00ed povolili jin\u00e9 metody, poznamenejte si u\u017eivatele a skupiny, kte\u0159\u00ed tyto metody m\u016f\u017eou nebo nem\u016f\u017eou pou\u017e\u00edvat. Poznamenejte si konfigura\u010dn\u00ed parametry, kter\u00e9 \u0159\u00edd\u00ed zp\u016fsob pou\u017eit\u00ed metody. Aplikaci Microsoft Authenticator m\u016f\u017eete nap\u0159\u00edklad nakonfigurovat tak, aby poskytovala polohu v nab\u00edzen\u00fdch ozn\u00e1men\u00edch. Vytvo\u0159te z\u00e1znam o tom, kte\u0159\u00ed u\u017eivatel\u00e9 a skupiny maj\u00ed povolen\u00e9 podobn\u00e9 konfigura\u010dn\u00ed parametry p\u0159idru\u017een\u00e9 k jednotliv\u00fdm metod\u00e1ch.<\/p>\n\n\n\n

Jak migrovat<\/h2>\n\n\n\n

1. Spu\u0161t\u011bn\u00ed migrace<\/h3>\n\n\n\n

Po zachycen\u00ed dostupn\u00fdch metod ov\u011b\u0159ov\u00e1n\u00ed ze z\u00e1sad, kter\u00e9 aktu\u00e1ln\u011b pou\u017e\u00edv\u00e1te, m\u016f\u017eete zah\u00e1jit migraci. Otev\u0159ete z\u00e1sadu Metody ov\u011b\u0159ov\u00e1n\u00ed, vyberte\u00a0Spravovat migraci<\/strong>\u00a0a vyberte\u00a0Prob\u00edh\u00e1 migrace<\/strong>. Tuto mo\u017enost je vhodn\u00e9 nastavit p\u0159ed proveden\u00edm jak\u00fdchkoli zm\u011bn, proto\u017ee nov\u00e1 z\u00e1sada se pou\u017eije pro sc\u00e9n\u00e1\u0159e p\u0159ihla\u0161ov\u00e1n\u00ed i resetov\u00e1n\u00ed hesla.<\/p>\n\n\n\n

2. Aktualizujte z\u00e1sady metod ov\u011b\u0159ov\u00e1n\u00ed<\/h3>\n\n\n\n

Jednotliv\u00e9 metody si projd\u011bte jednotliv\u011b. Pokud v\u00e1\u0161 tenant pou\u017e\u00edv\u00e1 jenom star\u0161\u00ed z\u00e1sady v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed a nepou\u017e\u00edv\u00e1 SSPR, je aktualizace jednoduch\u00e1 \u2013 m\u016f\u017eete povolit ka\u017edou metodu pro v\u0161echny u\u017eivatele a p\u0159esn\u011b odpov\u00eddat st\u00e1vaj\u00edc\u00edm z\u00e1sad\u00e1m.<\/p>\n\n\n\n

Pokud v\u00e1\u0161 tenant pou\u017e\u00edv\u00e1 MFA i SSPR, budete muset zv\u00e1\u017eit ka\u017edou metodu:<\/p>\n\n\n\n

    \n
  • Pokud je metoda povolen\u00e1 v obou star\u0161\u00edch verz\u00edch z\u00e1sad, povolte ji pro v\u0161echny u\u017eivatele v z\u00e1sad\u00e1ch Metody ov\u011b\u0159ov\u00e1n\u00ed.<\/li>\n\n\n\n
  • Pokud je metoda v obou star\u0161\u00edch verz\u00edch z\u00e1sad vypnut\u00e1, nechte ji vypnutou pro v\u0161echny u\u017eivatele v z\u00e1sad\u00e1ch Metody ov\u011b\u0159ov\u00e1n\u00ed.<\/li>\n\n\n\n
  • Pokud je metoda povolen\u00e1 jenom v jedn\u00e9 z\u00e1sad\u011b, mus\u00edte se rozhodnout, jestli by m\u011bla b\u00fdt dostupn\u00e1 ve v\u0161ech situac\u00edch.<\/li>\n<\/ul>\n\n\n\n

    Tam, kde se z\u00e1sady shoduj\u00ed, m\u016f\u017eete snadno odpov\u00eddat aktu\u00e1ln\u00edmu stavu. Pokud dojde k neshod\u011b, budete se muset rozhodnout, jestli tuto metodu \u00fapln\u011b povol\u00edte nebo zak\u00e1\u017eete. P\u0159edpokl\u00e1dejme nap\u0159\u00edklad, \u017ee je povolen\u00e9 ozn\u00e1men\u00ed prost\u0159ednictv\u00edm mobiln\u00ed aplikace<\/strong> , aby se povolila nab\u00edzen\u00e1 ozn\u00e1men\u00ed pro v\u00edcefaktorov\u00e9 ov\u011b\u0159ov\u00e1n\u00ed. Ve star\u0161\u00edch z\u00e1sad\u00e1ch SSPR nen\u00ed povolen\u00e1 metoda ozn\u00e1men\u00ed mobiln\u00ed aplikace<\/strong> . V takov\u00e9m p\u0159\u00edpad\u011b star\u0161\u00ed z\u00e1sady umo\u017e\u0148uj\u00ed nab\u00edzen\u00e1 ozn\u00e1men\u00ed pro MFA, ale ne SSPR.<\/p>\n\n\n\n

    V z\u00e1sad\u00e1ch Metody ov\u011b\u0159ov\u00e1n\u00ed se pak budete muset rozhodnout, jestli chcete povolit\u00a0microsoft Authenticator<\/strong>\u00a0pro SSPR i MFA, nebo jestli ho chcete zak\u00e1zat (doporu\u010dujeme povolit Microsoft Authenticator).<\/p>\n\n\n\n

    3. Dokon\u010den\u00ed migrace<\/h3>\n\n\n\n

    Po aktualizaci z\u00e1sad Metody ov\u011b\u0159ov\u00e1n\u00ed projd\u011bte star\u0161\u00ed z\u00e1sady MFA a SSPR a jednotliv\u00e9 metody ov\u011b\u0159ov\u00e1n\u00ed odeberte jednotliv\u011b. Otestujte a ov\u011b\u0159te zm\u011bny pro ka\u017edou metodu.<\/p>\n\n\n\n

    Kdy\u017e zjist\u00edte, \u017ee MFA a SSPR funguj\u00ed podle o\u010dek\u00e1v\u00e1n\u00ed a \u017ee u\u017e nepot\u0159ebujete star\u0161\u00ed z\u00e1sady MFA a SSPR, m\u016f\u017eete zm\u011bnit proces migrace na Migrace dokon\u010den\u00e1<\/strong>. V tomto re\u017eimu se Azure AD \u0159\u00edd\u00ed pouze z\u00e1sadami metody ov\u011b\u0159ov\u00e1n\u00ed. Pokud je nastaven\u00e1 mo\u017enost Migrace dokon\u010dena<\/strong> , nen\u00ed mo\u017en\u00e9 prov\u00e1d\u011bt \u017e\u00e1dn\u00e9 zm\u011bny star\u0161\u00edch z\u00e1sad, s v\u00fdjimkou bezpe\u010dnostn\u00edch ot\u00e1zek v z\u00e1sad\u00e1ch SSPR. Pokud se z n\u011bjak\u00e9ho d\u016fvodu pot\u0159ebujete vr\u00e1tit ke star\u0161\u00edm z\u00e1sad\u00e1m, m\u016f\u017eete stav migrace kdykoli p\u0159esunout zp\u011bt do prob\u00edhaj\u00edc\u00ed migrace<\/strong> .<\/p>\n","protected":false},"excerpt":{"rendered":"

    Od 30. z\u00e1\u0159\u00ed 2024 budou star\u0161\u00ed z\u00e1sady v\u00edcefaktorov\u00e9ho ov\u011b\u0159ov\u00e1n\u00ed a samoobslu\u017en\u00e9ho resetov\u00e1n\u00ed hesla zastaral\u00e9 a v\u0161echny st\u00e1vaj\u00edc\u00ed metody ov\u011b\u0159ov\u00e1n\u00ed se budou se nad\u00e1le spravovat pouze v nov\u00fdch z\u00e1sad\u00e1ch metod ov\u011b\u0159ov\u00e1n\u00ed v Microsoft Entra (d\u0159\u00edve Azure Active Directory nebo zkr\u00e1cen\u011b Azure AD). Microsoft za t\u00edmto \u00fa\u010delem zprovoznil ovl\u00e1dac\u00ed prvek, kter\u00fdm m\u016f\u017eete spravovat migraci ze star\u0161\u00edch z\u00e1sad […]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts\/62268"}],"collection":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/comments?post=62268"}],"version-history":[{"count":8,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts\/62268\/revisions"}],"predecessor-version":[{"id":62281,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts\/62268\/revisions\/62281"}],"wp:attachment":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/media?parent=62268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/categories?post=62268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/tags?post=62268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}