Louis Mastelinck, a Microsoft MVP and Security Consultant at Proximus NXT, joins me to discuss the critical journey of moving organizations away from SMS-based MFA.

We deep dive into a practical strategy for migrating users to the Authenticator app, starting with “stopping the bleed” and managing user groups. We also explore a significant security blind spot regarding Email OTP for SharePoint guest access and how to resolve it.

Finally, we debate the future of authentication with device-bound versus synced Passkeys and how to defend against downgrade attacks.

Subscribe with your favorite podcast player or watch on YouTube 👇

About Louis Mastelinck

Louis Mastelinck is a Security Consultant at Proximus NXT and a recognized Microsoft MVP based in Belgium. Specializing in Incident Response and the full Microsoft Security stack (including MDE, MDO, Sentinel, and Identity Management), he is dedicated to neutralizing threats and securing digital environments. A GCFA-certified professional, Louis is known for his deep technical expertise in areas like Conditional Access and authentication methods.

LinkedIn - https://www.linkedin.com/in/louismastelinck/

🔗 Related Links

* Microsoft: Hang up on SMS - http://aka.ms/hangup

📗 Chapters

00:00 Intro

00:52 Props and PIM

01:41 The Dangers of SMS MFA

04:51 Strategy: Stopping the Bleed

10:06 Migrating Existing Users off SMS

19:20 Impact on Self-Service Password Reset

22:39 The SharePoint Email OTP Security Gap

25:13 Enabling Entra B2B Integration

34:28 Passkeys: Device-Bound vs Synced

44:40 Defending Against MFA Downgrade Attacks

Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

Merill’s socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe