Over the years, the Microsoft security stack has become very feature-rich and offers many ways to customize the configuration. Third-party products are available with similar features, but they lack the integration capability of the Microsoft stack. In the second part of the "Ten Ways to Harden the Security of Your Microsoft 365 Tenant" series, we look at five ways to secure your environment using controls that require a premium license, such as Office E5 or Azure AD Premium.
There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management (PIM) exist within an organization. However, even with PIM, there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts, details how to target different Conditional Access policies for admin and user accounts, and highlights how this approach increases your security posture and limits potential attack vectors against administrator accounts.
When performing a cost-benefit analysis of the Microsoft 365 E5 license for users in your organization, cost is usually the deciding factor, as the quality of the features is rarely disputed. However, there are some who argue that to maintain a "Better" Security and Compliance posture as suggested by Microsoft, some of these key security features should be made more widely accessible and affordable, and therefore included in the E3 license structure. Microsoft MVP Peter Rising took his debate to Twitter, conducting a straw poll whose results show there is clearly an appetite for more choice when it comes to Microsoft 365 licensing.
How the Azure Active Directory baseline security policy enforces multi-factor authentication for privileged administrator accounts in Office 365 and Azure AD.
How to use Azure Active Directory conditional access policies to secure logins by accounts with privileged role permissions, such as enforcing multi-factor authentication for all Global Administrators.
How to use Azure Active Directory Privileged Identity Management (PIM) to provide "just in time" administrative access to Office 365 and Azure AD features.