Hi everyone! I'm relatively new to Entra Security and need some help navigating it. My small company uses Entra ID as our Identity Provider, but we recently experienced a security breach where an account was hacked. We noticed unusual logins from countries far away from the user's actual location in Europe. After consulting Microsoft Support, we resolved the issue by revoking sessions, changing passwords, and resetting MFA. However, we still see login attempts from multiple global locations.
Currently, we're using security defaults, which enforce MFA and block legacy authentication methods, but I'm considering implementing Conditional Access Policies to enhance our security. I have a few questions about this:
1. Is there a guide available for mapping security defaults to Conditional Access policies?
2. We've transitioned to more robust authentication methods; should we only enforce strong logins?
3. Can we restrict access to specific devices, and if so, how do we ensure devices are properly registered?
I appreciate any guidance as I'm eager to learn and improve our security!
0 Answers