cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Access attempts to block

Stefano Colombo
Brass Contributor

‎Nov 23 2021 01:31 AM

‎Nov 23 2021 01:31 AM

Access attempts to block

In a tenant with Microsoft 365 Business Standard licenses we have noticed several logon attempts with accounts in the tenant coming from non legitimate users or countries.

Given that the Business Standard License does not include feature such as Conditional Access how can we block, if possible, such malevolent attempts ?

Is there a way to "disable" a synchronized user from accessing the Office/Azure portals completely?

 

Which strategies, within the business standard license features, can be implemented to protect the identities from this logon attempts?

Labels:
1,143 Views
0 Likes
3 Replies
Reply
3 Replies
BilalelHadd

‎Nov 24 2021 05:25 AM

‎Nov 24 2021 05:25 AM

Re: Access attempts to block

Hi @Stefano Colombo,

 

Unfortunately, Conditional access can only configure these kinds of conditions. What you could do to improve the security posture of the organization is to configure Azure AD MFA. Enabling the security defaults within Azure AD should help you with this. Configuring this doesn't require any additional licenses.

If this still doesn't fit the business needs, the cheapest option would be an upgrade to Microsoft 365 Business Premium.

 

Good luck!

0 Likes
Reply
Stefano Colombo

‎Dec 01 2021 07:57 AM

‎Dec 01 2021 07:57 AM

Re: Access attempts to block

Security defaults has already been enabled but it doesn't help since MFA is not forced to all users and also the user must register for it.
Most of the replicated users wouldn't even access O365 since no license will be assigned.
Moreover,, it look to me, that in the unfortunate case that an hacker can get the user password before the MFA is registered by the legitimate user it might even register itself for MFA.
0 Likes
Reply
BilalelHadd

‎Dec 01 2021 08:00 AM

‎Dec 01 2021 08:00 AM

Re: Access attempts to block

That's where Conditional Access kicks in. In that case, I would advise creating a policy that blocks MFA registration except if you come from a trusted location (VDI, VPN, Office IP, etc.). But again, and as you know. You still need a P1 license for this.
0 Likes
Reply