Contents
1) Define at least two emergency access accounts (page 3)
2) Require multifactor authentication for administrative roles (page 14)
3) Ensure all Users can complete multifactor authentication (page 18)
4) Do not allow Users to grant consent to unreliable applications (page 19)
5) Enable Self-Service Password Reset (page 20)
6) Ensure that password protection is Enabled for Active Directory (page 21)
7) Enable Conditional Access policies to block legacy authentication (page 22)
8) Ensure that password hash sync is Enabled for hybrid deployments (page 24)
9) Enable Azure AD Identity Protection sign-in risk policies (page 25)
10) Enable Azure AD Identity Protection User risk policies (page 26)
11) Use Just in Time privileged access to Office 365 roles (page 27)
12) Ensure Security Defaults are disabled on Azure AD (page 34)
13) Ensure that LinkedIn contact synchronization is disabled (page 35)
14) Ensure Sign-in frequency is Enabled, and browser sessions are not persistent for Administrative Users (page 36)
15) Ensure the option to remain signed in is hidden (page 38)
16) Do not expire passwords (page 39)
17) Ensure Administrative accounts are separate and cloud-only (page 40)
18) Passwordless sign-in with the Microsoft Authenticator app (page 41)
19) Passwordless: Windows Hello for Business (page 42)
20) New feature: Azure AD Authentication Strengths (Preview) (page 50)
21) Regularly Check identity secure score (page 54)
22) Require trusted location for MFA and SSPR registration (page 55)
23) Tenant restrictions (page 58)
24) Conditional Access filters for apps (page 60)
25) Prevent Users from creating Azure AD tenant (page 63)