In this short 22 minute webinar we covered security defaults, why you probably don’t want to use them and why that’s OK, break-glass admin accounts, creating your own security defaults and an allowed locations conditional access policy. It was a lot for that short amount of time.
Our very first session was attended by 99 individuals and they asked 88 questions! I’m very thankful for all of the attendance and kudo’s that you’ve sent. I thought it might take a while to build up an audience but apparently this topic is one that has great appeal. Good to know! The plan is to keep this up every month and very soon I will have calendar items for you to add to your schedule. Make sure that you are on our mailing list! Join is from the website. Join our Facebook page, Third Tier. Join our Facebook group, Ransomware and Security. Follow us on Twitter, @thirdtier, I’m trying to remember to also post there. And don’t forget that all we do is help IT Pros, so when you get stuck on something we have an expert to help you out. Just open a ticket at https://helpdesk.thirdtier.net
During the session I mentioned that I had some URL resources for you. Here they are:
All about security defaults
Why Security Defaults were created. https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414
What are the security defaults? https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
During this webinar I suggest that you should create your own set of security defaults that mimic Microsoft’s but that have an exception for your break-glass accounts. Having at least one emergency account is critical. The next article has a lot of information. Just worry about creating the account for now. Remember Microsoft approaches everything as if you’re the largest of the large companies of the world and this article reflects that. Go through the creating the account portion and then be sure to exclude it from your MFA for admins policy. That’s all you really need from the article below.
Create an emergency break-glass admin account
Create your own security defaults
How to create a policy to block legacy authentication. https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication
Configure MFA registration policy. https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
Make your IT business better than the competition. IT Pro Helpdesk, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit and more. https://www.thirdtier.net