Over the years, the Microsoft security stack has become very feature rich and offers many ways to customize the configuration. Third-party products are available with similar features, but lack the integration capability of the Microsoft stack. In the second part of the “Ten Ways to Harden the Security of Your Microsoft 365 Tenant” series, we look at five ways to secure your environment using controls that require a premium license such as Office E5 or Azure AD Premium.
Conditional Access policies provide many security benefits, from the implementation of MFA in a user-friendly way, to the controls that can limit what data users access or download. However, the process of setting up CA policies is daunting to some at first. This article provides some thought processes and best practices to make this security initiative more manageable.
In the second article of this 2-part series, we describe the alternatives that exist to help secure access for remote workers, exploring the worthy features that don’t require MDCA. The features detailed in this article are available for any tenant with Azure AD Premium licensing and offer a more generic set of controls for tenants where MDCA licensing is not available.
There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management exist within an organization. However, even with PIM there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts; details how to target different Conditional Access policies for admin and user accounts and highlights how this approach increases your security posture and limits potential attack vectors against administrator accounts.