Forum Discussion

ayoub92635
Copper Contributor
Mar 22, 2023
Solved

Unsecure Account - Azure Active Directory

Hello everyone,

What are good recommendations for unsecure accounts in Azure Active Directory?

Is there a script to identify unsecure accounts?

Thanks

  • elieelkarkafi
    Mar 23, 2023

    Here is a list of security features that you can implement to secure your identities.

    1) Define at least two emergency access accounts
    2) Require multifactor authentication for administrative roles
    3) Ensure all Users can complete multifactor authentication
    4) Do not allow Users to grant consent to unreliable applications
    5) Enable Self-Service Password Reset
    6) Ensure that password protection is Enabled for Active Directory
    7) Enable Conditional Access policies to block legacy authentication
    8) Ensure that password hash sync is Enabled for hybrid deployments
    9) Enable Azure AD Identity Protection sign-in risk policies
    10) Enable Azure AD Identity Protection User risk policies
    11) Use Just in Time privileged access to Office 365 roles
    12) Ensure Security Defaults are disabled on Azure AD
    13) Ensure that LinkedIn contact synchronization is disabled
    14) Ensure Sign-in frequency is Enabled, and browser sessions are not persistent for Administrative Users.
    15) Ensure the option to remain signed in is hidden
    16) Do not expire passwords
    17) Ensure Administrative accounts are separate and cloud-only
    18) Passwordless sign-in with the Microsoft Authenticator app
    19) Passwordless: Windows Hello for Business
    20) New feature: Azure AD Authentication Strengths (Preview)
    21) Regularly Check identity secure score
    22) Require trusted location for MFA and SSPR registration
    23) Tenant restrictions
    24) Conditional Access filters for apps
    25) Prevent Users from creating Azure AD tenant

    And here is an additional security checklist:

    Secure your Azure AD identity infrastructure - Azure Active Directory | Microsoft Learn


    Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
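
The question above asks for a script. The following is an added example, not written by either poster, that checks account records against items 2, 3, 5 and 17 of the list. Property names follow the Microsoft Graph userRegistrationDetails resource; `OnPremisesSyncEnabled` is assumed to have been joined in from the user object, `Find-WeakAccount` is a hypothetical name, and the sample records are constructed.

```powershell
# Added example: flag accounts that miss checklist items 2, 3, 5 or 17.
# Find-WeakAccount is a hypothetical helper name, not a Microsoft cmdlet.
function Find-WeakAccount {
    param([Parameter(Mandatory)][object[]]$Record)
    foreach ($r in $Record) {
        $findings = @()
        if ($r.IsAdmin -and -not $r.IsMfaRegistered) {
            $findings += 'Item 2: admin without MFA registered'
        }
        if (-not $r.IsMfaCapable) {
            $findings += 'Item 3: cannot complete MFA'
        }
        if (-not $r.IsSsprRegistered) {
            $findings += 'Item 5: not registered for SSPR'
        }
        # Assumption: OnPremisesSyncEnabled was merged in from the user object.
        if ($r.IsAdmin -and $r.OnPremisesSyncEnabled) {
            $findings += 'Item 17: admin account is synced, not cloud-only'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                UserPrincipalName = $r.UserPrincipalName
                Findings          = $findings -join '; '
            }
        }
    }
}

# Constructed sample records (no real tenant data).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'admin1@contoso.example'; IsAdmin = $true
        IsMfaRegistered = $false; IsMfaCapable = $false
        IsSsprRegistered = $true; OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'admin2@contoso.example'; IsAdmin = $true
        IsMfaRegistered = $true; IsMfaCapable = $true
        IsSsprRegistered = $true; OnPremisesSyncEnabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'user1@contoso.example'; IsAdmin = $false
        IsMfaRegistered = $false; IsMfaCapable = $false
        IsSsprRegistered = $false; OnPremisesSyncEnabled = $true }
)

Find-WeakAccount -Record $sample | Format-List

# Against a live tenant, the registration records would come from Microsoft Graph:
#   Connect-MgGraph -Scopes 'AuditLog.Read.All'
#   Get-MgReportAuthenticationMethodUserRegistrationDetail -All
```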

6 Replies

  • You're asking about the best practices to secure your account in Azure Active Directory?

      • ayoub92635
        Copper Contributor
        Thanks for your feedback, I really appreciate it. How can I be notified / alerted when an insecure account is created? I want to be notified when an "unsecure account" is created in Azure Active Directory.