Hi everyone! I'm new to managing Entra ID security and could use some guidance. My small company experienced a security breach a few weeks ago, with a user account logging in from unusual locations across the globe. We quickly acted by revoking sessions, changing passwords, and resetting MFA. Though we've implemented security defaults to enforce MFA and disable legacy authentication methods, I'm still feeling a bit lost. I believe Conditional Access Policies could help strengthen our security, but I'm unsure how to transition from security defaults to policies safely. I have a few questions:
1. Is there a guide that outlines how to implement the equivalent of security defaults using Conditional Access Policies?
2. Now that we've migrated from legacy MFA, should we only allow strong authentication methods and avoid less secure options like SMS or email?
3. How can we limit access to specific registered devices? I'm not clear on how these policies can be enforced when some of our devices are unregistered.
I appreciate any help or insights you can offer as I navigate this!
4 Answers
As others mentioned, Conditional Access is essential. The CIS benchmark is another valuable resource to set a good security foundation. It aligns well with implementing best practices for security!
One important thing to know is you can’t run Security Defaults alongside Conditional Access Policies. Security Defaults are like a starter pack to guide users toward using Conditional Access later, especially when they've got the right licensing like Entra ID P1.
If you want to only allow access from certain devices, that’s where Microsoft Intune comes into play. When you manage devices with Intune, you can enforce that only registered devices can access your resources, which is a smart security move.
CIS has some great recommendations on security practices. Check out their resources for foundational security measures: https://www.cisecurity.org/. It's a good starting point to enhance your security posture.
Definitely consider implementing Conditional Access! Just make sure you understand what you’re doing to avoid locking yourself out completely. Check out the Microsoft documentation—it’s super helpful: https://learn.microsoft.com/en-us/entra/identity/conditional-access/.
If you're looking to create location-based policies, this link might be exactly what you need: https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-by-location. Take it slow, apply policies gradually, and test everything before going live. If it feels overwhelming, hiring a managed service provider can be beneficial.
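To make the advice in the answers concrete (policies equivalent to security defaults, a stronger authentication requirement than SMS or email, a device restriction, and "test before going live"), here is an added example that is not part of the original thread or of any Microsoft sample. It builds the JSON bodies that the Microsoft Graph endpoint `POST /identity/conditionalAccess/policies` accepts for three policies, creates every one of them in report-only mode, and runs a pre-flight check for the lockout risk the second answer warns about. The break-glass account ID is a constructed placeholder; the two built-in authentication-strength IDs are the ones Microsoft publishes for "Multifactor authentication" and "Phishing-resistant MFA", which you should confirm against your tenant with `GET /identity/conditionalAccess/authenticationStrength/policies` before use.

```python
"""Conditional Access policy bodies approximating security defaults, plus a
pre-flight lockout check. Added example; IDs below are placeholders/assumptions."""
import json

# Constructed placeholder: object ID(s) of your emergency-access (break-glass) accounts.
BREAK_GLASS_ACCOUNTS = ["11111111-1111-1111-1111-111111111111"]

# Built-in authentication strengths (verify in your tenant; assumed from Microsoft docs).
MFA_STRENGTH = "00000000-0000-0000-0000-000000000002"
PHISHING_RESISTANT_MFA_STRENGTH = "00000000-0000-0000-0000-000000000004"

REPORT_ONLY = "enabledForReportingButNotEnforced"  # Graph state value for report-only mode


def _base(display_name: str, state: str = REPORT_ONLY) -> dict:
    """Skeleton policy: all users and all apps, break-glass accounts excluded, report-only."""
    return {
        "displayName": display_name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(BREAK_GLASS_ACCOUNTS)},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": []},
    }


def require_mfa_policy(strength_id: str = MFA_STRENGTH) -> dict:
    """Security-defaults equivalent #1: MFA for everyone. Passing the
    phishing-resistant strength ID excludes SMS/voice/email-style factors."""
    p = _base("CA001 - Require MFA for all users")
    p["grantControls"] = {
        "operator": "OR",
        "builtInControls": [],
        "authenticationStrength": {"id": strength_id},
    }
    return p


def block_legacy_auth_policy() -> dict:
    """Security-defaults equivalent #2: block clients that cannot do MFA."""
    p = _base("CA002 - Block legacy authentication")
    p["conditions"]["clientAppTypes"] = ["exchangeActiveSync", "other"]
    p["grantControls"] = {"operator": "OR", "builtInControls": ["block"]}
    return p


def require_managed_device_policy() -> dict:
    """Only Intune-compliant or hybrid-joined devices may sign in (unregistered devices fail)."""
    p = _base("CA003 - Require compliant or hybrid-joined device")
    p["grantControls"] = {
        "operator": "OR",
        "builtInControls": ["compliantDevice", "domainJoinedDevice"],
    }
    return p


def security_default_equivalents() -> list:
    return [require_mfa_policy(), block_legacy_auth_policy(), require_managed_device_policy()]


def lockout_risks(policies: list) -> list:
    """Findings that would make a policy unsafe to flip from report-only to enabled."""
    findings = []
    for p in policies:
        users = p["conditions"]["users"]
        targets_all = "All" in users.get("includeUsers", [])
        excluded = set(users.get("excludeUsers", []))
        if targets_all and not set(BREAK_GLASS_ACCOUNTS) <= excluded:
            findings.append(f"{p['displayName']}: targets All users without excluding break-glass accounts")
        controls = p["grantControls"].get("builtInControls", [])
        if p["state"] == "enabled" and "block" in controls and p["conditions"]["clientAppTypes"] == ["all"]:
            findings.append(f"{p['displayName']}: enabled 'block' across every client app type")
    return findings


if __name__ == "__main__":
    policies = security_default_equivalents()
    print(json.dumps(policies, indent=2))          # bodies to POST one at a time
    print("lockout findings:", lockout_risks(policies) or "none")
```

Create the three policies in report-only mode, watch the sign-in log's report-only results for a week or two, then switch `state` to `enabled` one policy at a time, running `lockout_risks` on the final bodies first. Security defaults must be turned off before the first policy is enabled, since the two cannot run together.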