
StefanoC66
Iron Contributor
Nov 23, 2021

Access attempts to block

In a tenant with Microsoft 365 Business Standard licenses we have noticed several logon attempts with accounts in the tenant coming from non-legitimate users or countries.

Given that the Business Standard license does not include features such as Conditional Access, how can we block, if possible, such malevolent attempts?

Is there a way to "disable" a synchronized user from accessing the Office/Azure portals completely?

Which strategies, within the Business Standard license features, can be implemented to protect the identities from these logon attempts?

3 Replies

  • BilalelHadd
    Iron Contributor

    Hi StefanoC66,

    Unfortunately, Conditional access can only configure these kinds of conditions. What you could do to improve the security posture of the organization is to configure Azure AD MFA. Enabling security defaults (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) within Azure AD should help you with this. Configuring this doesn't require any additional licenses.

    If this still doesn't fit the business needs, the cheapest option would be an upgrade to Microsoft 365 Business Premium.

    Good luck!

    • StefanoC66
      Iron Contributor
      Security defaults has already been enabled, but it doesn't help since MFA is not forced on all users, and the user must also register for it.
      Most of the replicated users wouldn't even access O365 since no license will be assigned.
      Moreover, it looks to me that, in the unfortunate case that a hacker can get the user's password before MFA is registered by the legitimate user, the hacker might even register for MFA themselves.
      • BilalelHadd
        Iron Contributor
        That's where Conditional Access kicks in. In that case, I would advise creating a policy that blocks MFA registration except if you come from a trusted location (VDI, VPN, Office IP, etc.). But again, as you know, you still need a P1 license for this.
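
The policy described in the last reply, sketched with the Microsoft Graph PowerShell SDK; this is an added example and not part of the original thread. The CIDR range, display names and break-glass placeholder are constructed values, and the policy is created in report-only state so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example (not from the thread). Assumes the Microsoft.Graph module is
# installed and the tenant has Azure AD Premium P1, as the reply above notes.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Constructed sample values: replace with your own egress range and the
# object ID of an emergency-access account that must never be locked out.
$officeCidr   = '203.0.113.0/24'                    # documentation range
$breakGlassId = '<break-glass-account-object-id>'   # placeholder

# 1. Mark the office/VPN/VDI egress range as a trusted named location.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Office egress (example)'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $officeCidr }
    )
}

# 2. Block the "register security information" user action from any location
#    that is not trusted. Ordinary sign-ins are not touched by this policy.
$policy = @{
    displayName   = 'Block MFA registration outside trusted locations (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only first
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{
            includeUserActions = @('urn:user:registersecurityinfo')
        }
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what was created before switching the state to 'enabled'.
'{0}: {1} (trusted location: {2})' -f $created.DisplayName, $created.State, $location.DisplayName
```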
