Download: Microsoft 365 Don’t miss this setting – January 2


In this short 22-minute webinar we covered security defaults, why you probably don’t want to use them and why that’s OK, break-glass admin accounts, creating your own security defaults, and an allowed locations conditional access policy. It was a lot for that short amount of time.

Our very first session was attended by 99 individuals and they asked 88 questions! I’m very thankful for all of the attendance and kudos that you’ve sent. I thought it might take a while to build up an audience but apparently this topic is one that has great appeal. Good to know! The plan is to keep this up every month and very soon I will have calendar items for you to add to your schedule. Make sure that you are on our mailing list! You can join from the website. Join our Facebook page, Third Tier. Join our Facebook group, Ransomware and Security. Follow us on Twitter, @thirdtier; I’m trying to remember to also post there. And don’t forget that all we do is help IT Pros, so when you get stuck on something we have an expert to help you out. Just open a ticket at https://helpdesk.thirdtier.net

During the session I mentioned that I had some URL resources for you. Here they are:

All about security defaults

Why Security Defaults were created. https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414

What are the security defaults. https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

In the webinar I suggested that you create your own set of security defaults that mimic Microsoft’s but have an exception for your break-glass accounts. Having at least one emergency account is critical. The next article has a lot of information. Just worry about creating the account for now. Remember that Microsoft approaches everything as if you’re the largest of the large companies of the world, and this article reflects that. Go through the account-creation portion and then be sure to exclude the account from your MFA for admins policy. That’s all you really need from the article below.

Create an emergency break-glass admin account

Emergency tenant access. https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access

Create your own security defaults

How to create a policy to block legacy authentication. https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication

Require MFA for admins. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa

Require MFA for Azure management. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-azure-management

Require MFA for users. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa

Configure MFA registration policy. https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
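Once the policies above exist, the break-glass exclusion can be checked mechanically. The following is an added example, not code from the webinar or from Microsoft: it reads policies in the shape Microsoft Graph uses for conditionalAccessPolicy objects and lists every enforced MFA or block policy that still applies to the emergency account, which generalizes the "exclude it from MFA for admins" advice to all such policies. The account ID, group ID and sample policies are constructed placeholders.

```python
# Constructed sample data: IDs and policies are made up for illustration.
BREAK_GLASS = "bg-account-object-id"      # placeholder object ID
EMERGENCY_GROUP = "emergency-group-id"    # placeholder group ID
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template

def policy(name, state, control, **users):
    """Build a dict shaped like a Graph conditionalAccessPolicy (subset of fields)."""
    return {"displayName": name, "state": state,
            "conditions": {"users": users},
            "grantControls": {"operator": "OR", "builtInControls": [control]}}

POLICIES = [
    policy("Require MFA for admins", "enabled", "mfa",
           includeRoles=[GLOBAL_ADMIN], excludeUsers=[BREAK_GLASS]),
    policy("Require MFA for users", "enabled", "mfa", includeUsers=["All"]),
    policy("Block legacy authentication", "enabled", "block",
           includeUsers=["All"], excludeGroups=[EMERGENCY_GROUP]),
    policy("Allowed locations", "enabledForReportingButNotEnforced", "block",
           includeUsers=["All"]),
]

def _hit(users, keys, ids):
    """True if any of the given ids appears under any of the given keys."""
    return any(i in (users.get(k) or []) for k in keys for i in ids)

def lockout_risks(policies, account, roles=(), groups=()):
    """Names of enforced MFA/block policies that still apply to the account."""
    risky = []
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled and report-only policies are not enforced
        controls = (p.get("grantControls") or {}).get("builtInControls") or []
        if not {"mfa", "block"} & set(controls):
            continue
        users = (p.get("conditions") or {}).get("users") or {}
        included = (_hit(users, ["includeUsers"], [account, "All"])
                    or _hit(users, ["includeRoles"], roles)
                    or _hit(users, ["includeGroups"], groups))
        excluded = (_hit(users, ["excludeUsers"], [account])
                    or _hit(users, ["excludeRoles"], roles)
                    or _hit(users, ["excludeGroups"], groups))
        if included and not excluded:  # an exclusion overrides any inclusion
            risky.append(p["displayName"])
    return risky

if __name__ == "__main__":
    print(lockout_risks(POLICIES, BREAK_GLASS, [GLOBAL_ADMIN], [EMERGENCY_GROUP]))
```

An empty result means no enforced MFA or block policy in the export reaches the break-glass account; any name returned is a policy to add the exclusion to.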

 

Download and listen to the recording


2 thoughts on “Download: Microsoft 365 Don’t miss this setting – January

  • Steve Yates

    Can you clarify whether this setting change applies to ONLY partner tenants or ALL CUSTOMERS as well? Apparently there’s a lot of FUD out there and at least one person on the ASCII Group mailing list says they were told by MS support it applied to all clients. Other information I’ve received says it only applies to partners. The MS email says “your partner tenants” (plural).

    • Third Tier Post author

      My understanding is that it is already applying to all new tenants and will be applied to all existing tenants. I agree that Microsoft has been unclear on whether this first round is just partners or all existing tenants. I’d get ready for all existing tenants since we know it’s coming sometime soon, if not now.