Mar 22 2023 12:58 PM
Hello everyone,
What are good recommendations for unsecure accounts in Azure Active Directory?
Is there a script to identify unsecure accounts?
Thanks
Mar 23 2023 05:33 AM - edited Mar 23 2023 05:39 AM
Solution
Here is a list of security features that you can implement to secure your identities.
1) Define at least two emergency access accounts
2) Require multifactor authentication for administrative roles
3) Ensure all Users can complete multifactor authentication
4) Do not allow Users to grant consent to unreliable applications
5) Enable Self-Service Password Reset
6) Ensure that password protection is Enabled for Active Directory
7) Enable Conditional Access policies to block legacy authentication
8) Ensure that password hash sync is Enabled for hybrid deployments
9) Enable Azure AD Identity Protection sign-in risk policies
10) Enable Azure AD Identity Protection User risk policies
11) Use Just in Time privileged access to Office 365 roles
12) Ensure Security Defaults are disabled on Azure AD
13) Ensure that LinkedIn contact synchronization is disabled
14) Ensure Sign-in frequency is Enabled, and browser sessions are not persistent for Administrative Users.
15) Ensure the option to remain signed in is hidden
16) Do not expire passwords
17) Ensure Administrative accounts are separate and cloud-only
18) Passwordless sign-in with the Microsoft Authenticator app
19) Passwordless: Windows Hello for Business
20) New feature: Azure AD Authentication Strengths (Preview)
21) Regularly Check identity secure score
22) Require trusted location for MFA and SSPR registration
23) Tenant restrictions
24) Conditional Access filters for apps
25) Prevent Users from creating Azure AD tenant
And here is an additional security checklist:
Secure your Azure AD identity infrastructure - Azure Active Directory | Microsoft Learn
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
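On the question of a script: the following is an added example, not part of the original posts, that flags accounts failing checklist items 2, 3, 5 and 17. It assumes records exported from the Microsoft Graph `userRegistrationDetails` report (`/reports/authenticationMethods/userRegistrationDetails`) with `onPremisesSyncEnabled` merged in from each user object; the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample. Each record follows the Microsoft Graph
# userRegistrationDetails resource; onPremisesSyncEnabled is assumed to have
# been merged in from the matching /users object.
SAMPLE_JSON = """[
 {"userPrincipalName": "alice.admin@contoso.example", "isAdmin": true,
  "isMfaRegistered": false, "isMfaCapable": false, "isSsprRegistered": false,
  "onPremisesSyncEnabled": true},
 {"userPrincipalName": "bob@contoso.example", "isAdmin": false,
  "isMfaRegistered": true, "isMfaCapable": true, "isSsprRegistered": false,
  "onPremisesSyncEnabled": true},
 {"userPrincipalName": "carol.admin@contoso.example", "isAdmin": true,
  "isMfaRegistered": true, "isMfaCapable": true, "isSsprRegistered": true,
  "onPremisesSyncEnabled": null},
 {"userPrincipalName": "dave@contoso.example", "isAdmin": false,
  "isMfaRegistered": true, "isMfaCapable": false, "isSsprRegistered": true}
]"""
SAMPLE = json.loads(SAMPLE_JSON)

# (checklist item number, finding, predicate that is true when the check fails)
CHECKS = [
    (2, "admin without MFA registered",
     lambda u: u.get("isAdmin") and not u.get("isMfaRegistered")),
    (3, "no usable MFA method (none registered, or not allowed by policy)",
     lambda u: not u.get("isMfaCapable")),
    (5, "not registered for self-service password reset",
     lambda u: not u.get("isSsprRegistered")),
    (17, "admin account synced from on-premises AD (not cloud-only)",
     lambda u: u.get("isAdmin") and u.get("onPremisesSyncEnabled") is True),
]

def audit(records):
    """Map each flagged userPrincipalName to its list of (item, finding)."""
    findings = {}
    for user in records:
        hits = [(item, text) for item, text, failed in CHECKS if failed(user)]
        if hits:
            findings[user["userPrincipalName"]] = hits
    return findings

def flagged_items(records):
    """Same result as audit(), reduced to checklist item numbers per account."""
    return {upn: [i for i, _ in hits] for upn, hits in audit(records).items()}

if __name__ == "__main__":
    for upn, hits in audit(SAMPLE).items():
        print(upn + ": " + "; ".join(f"#{i} {t}" for i, t in hits))
```

A record with a missing field is treated as failing that check, so incomplete exports surface as findings instead of passing silently.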