Forum Discussion

Robbie1865's avatar
Robbie1865
Copper Contributor
Oct 19, 2022

OVERWHELMED

I have been experiencing a number of discrepancies within my social footprint.  I have had 5 operations L5-S1 + plus both hips replaced in the two years. Bedridden and honestly limited tech/computer ...
josequintino's avatar
josequintino
MCT
Mar 25, 2023
It's very important to maintain the security of your Azure Active Directory (Azure AD) by identifying and addressing unsecure accounts. 1- Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to provide additional authentication methods. 2- Use strong, unique passwords: Encourage users to create strong, unique passwords for their accounts. 3- Regularly review user accounts: Regularly review accounts for suspicious activities and revoke access to users who no longer need it. 4- Apply Conditional Access policies: Implement Conditional Access policies to enforce specific conditions for user access, such as device compliance, location, or sign-in risk. 5- Monitor sign-in activity: Use Azure AD's built-in monitoring capabilities to track sign-in activities and investigate any suspicious behavior. 6- Implement Role-Based Access Control (RBAC): Use RBAC to grant the least privileged access necessary for users to perform their tasks. 7- Train users on security best practices: Educate your users about phishing, social engineering, and other potential threats. 8- Keep software and systems up-to-date: Regularly update your Azure AD Connect, Azure AD PowerShell modules, and other components to maintain security. You can use Powershell scripts or Azure AD reports to identify unsecured accounts. See example below of this script which can be used as a starting point to identify accounts with weak settings: Import-Module AzureAD $tenantDomain = "yourtenant.onmicrosoft.com" $credential = Get-Credential Connect-AzureAD -Credential $credential -TenantDomain $tenantDomain $users = Get-AzureADUser -All $true $unsecureAccounts = @() foreach ($user in $users) { $isUnsecure = $false # Check for MFA status $mfaStatus = (Get-AzureADUserExtension -ObjectId $user.ObjectId).StrongAuthenticationRequirements if ($mfaStatus -eq $null -or $mfaStatus.State -ne "Enforced") { $isUnsecure = $true } # Add other security checks as needed if ($isUnsecure) { $unsecureAccounts += $user } } $unsecureAccounts | Select-Object DisplayName, UserPrincipalName, UserType