Nov 09 2020 - last edited on Jan 14 2022
What's the best practice for security management in Azure AD, to manage policies/rules in MEM/Intune, Conditional Access... so that access to a specific rule/right can easily be reviewed and added/removed?
Some examples:
What is the best practice when we apply a Conditional Access policy to a group of users?
- Do we set a specific Azure AD group (like for MFA: ForceMFA) in the Conditional Access policy, then add groups or users to this Azure AD group?
- Or do we add Azure AD groups or users (like Boston-Manager, Florida-Marketing…) directly in the Conditional Access settings?
Same for Intune/MEM policies (like compliance policies):
- Do we set specific Azure AD groups (like Intune-Compliance-W10-Include, Intune-Compliance-W10-Exclude) for these policies, then add groups or users to these groups?
- Or do we add Azure AD groups or users directly in the Intune policy settings?
Is there a Microsoft best practice for Azure AD management like the AGDLP rule for on-prem AD, and what are the advantages/disadvantages of using nested groups in Azure AD?
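Whichever of the two assignment patterns above is chosen, the review step the question asks about comes down to the same thing: for each Conditional Access policy, expand its included and excluded groups transitively (so nested groups are resolved) and see who is actually covered and who is silently exempt. The following Microsoft Graph PowerShell script is an added example, not code from the original post or from Microsoft documentation. It assumes the Microsoft.Graph SDK modules are installed, that the signed-in account has been granted the Policy.Read.All and Directory.Read.All delegated permissions, and it writes to an arbitrarily named CSV file.

```powershell
# Added example: audit effective Conditional Access targeting with nested groups resolved.
# Assumes the Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Groups modules are installed
# and the caller consents to Policy.Read.All (read CA policies) and Directory.Read.All
# (expand group membership). Output file name is an assumption.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All'

# Cache expanded memberships so a group referenced by several policies is expanded once.
$memberCache = @{}

function Get-TransitiveUserPrincipalNames {
    param([Parameter(Mandatory)][string]$GroupId)
    if (-not $memberCache.ContainsKey($GroupId)) {
        # transitiveMembers flattens nested groups; keep only user objects.
        $upns = Get-MgGroupTransitiveMember -GroupId $GroupId -All |
            Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
            ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }
        $memberCache[$GroupId] = @($upns)
    }
    $memberCache[$GroupId]
}

function Get-GroupDisplayName {
    param([Parameter(Mandatory)][string]$GroupId)
    # A policy can still reference a group that has since been deleted; surface that rather than fail.
    try { (Get-MgGroup -GroupId $GroupId -Property DisplayName -ErrorAction Stop).DisplayName }
    catch { "<unresolvable group $GroupId>" }
}

$report = foreach ($policy in Get-MgIdentityConditionalAccessPolicy -All) {
    $cond = $policy.Conditions.Users
    $included = [System.Collections.Generic.HashSet[string]]::new()
    $excluded = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($g in $cond.IncludeGroups) { foreach ($u in (Get-TransitiveUserPrincipalNames $g)) { [void]$included.Add($u) } }
    foreach ($g in $cond.ExcludeGroups) { foreach ($u in (Get-TransitiveUserPrincipalNames $g)) { [void]$excluded.Add($u) } }

    # Exclusions win in Conditional Access. With nested groups a user can land in both sets
    # without anyone adding them to the exclusion group directly; these are the ones to review.
    $exempt = [System.Collections.Generic.HashSet[string]]::new()
    $exempt.UnionWith($included)
    $exempt.IntersectWith($excluded)

    [pscustomobject]@{
        Policy          = $policy.DisplayName
        State           = $policy.State
        IncludeGroups   = (@($cond.IncludeGroups | ForEach-Object { Get-GroupDisplayName $_ }) -join '; ')
        ExcludeGroups   = (@($cond.ExcludeGroups | ForEach-Object { Get-GroupDisplayName $_ }) -join '; ')
        IncludesAllUsers = ($cond.IncludeUsers -contains 'All')
        DirectUserIds   = @($cond.IncludeUsers | Where-Object { $_ -notin @('All', 'None') }).Count
        UsersViaGroups  = $included.Count
        ExemptUsers     = $exempt.Count
        ExemptUpns      = (@($exempt) -join '; ')
    }
}

$report | Sort-Object Policy |
    Format-Table Policy, State, IncludeGroups, ExcludeGroups, IncludesAllUsers, UsersViaGroups, ExemptUsers -AutoSize
$report | Export-Csv -Path .\ca-policy-audit.csv -NoTypeInformation
```

Two columns carry the review signal. A non-zero DirectUserIds count means users were assigned to the policy individually rather than through a group, which is the case the indirection pattern (one ForceMFA-style group per policy) is meant to avoid. A non-zero ExemptUsers count lists people who are in an included group and an excluded group at the same time and are therefore not subject to the policy; with nested groups this is easy to cause by accident, which is the main operational cost of nesting that the script makes visible. IncludesAllUsers is reported separately because a policy scoped to All users is not described by its group membership at all.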
Nov 11 2021 01:38 AM