Hi everyone! I'm relatively new to Entra Security and need some help navigating it. My small company uses Entra ID as our Identity Provider, but we recently experienced a security breach where an account was hacked. We noticed unusual logins from countries far away from the user's actual location in Europe. After consulting Microsoft Support, we resolved the issue by revoking sessions, changing passwords, and resetting MFA. However, we still see login attempts from multiple global locations.
Currently, we're using security defaults, which enforce MFA and block legacy authentication methods, but I'm considering implementing Conditional Access Policies to enhance our security. I have a few questions about this:
1. Is there a guide available for mapping security defaults to Conditional Access policies?
2. We've transitioned to more robust authentication methods; should we only enforce strong logins?
3. Can we restrict access to specific devices, and if so, how do we ensure devices are properly registered?
I appreciate any guidance as I'm eager to learn and improve our security!
1 Answer
Going with Conditional Access is definitely the right move! Just be cautious about locking yourself out while setting it up. Make sure to read through the documentation thoroughly. You can find specific policies for location blocking, which could prevent logins from those far-off places. And remember to apply changes gradually and test everything before going live.

Thanks a lot for the advice! Conditional Access sounds promising. Is there a way to confirm that logins are restricted to certain devices?
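The location-blocking policy and gradual rollout mentioned in the answer could look like the sketch below, an added example that is not from the thread, using the Microsoft Graph PowerShell module. The country list, the display names and the emergency-account placeholder are assumptions to replace with your own values. The policy is created in report-only state and excludes one emergency-access account so a mistake cannot lock every admin out.

```powershell
# Added example: requires the Microsoft.Graph PowerShell module and an admin
# account that can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder (assumption): object ID of an emergency-access account that stays
# outside the policy so the tenant remains reachable if the rule is wrong.
$breakGlassId = '<break-glass-account-object-id>'

# Named location listing the countries users really sign in from.
# The two country codes are constructed sample values.
$allowed = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Allowed countries'
    countriesAndRegions               = @('DE', 'NL')
    includeUnknownCountriesAndRegions = $false
}

# Block every sign-in whose location is NOT the named location above.
$policy = @{
    displayName   = 'Block sign-ins outside allowed countries'
    # Report-only: the result is logged for each sign-in but nothing is blocked yet.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($allowed.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Check the report-only results in the sign-in logs for legitimate users who would have been blocked before changing `state` to `enabled`.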