u/honestserpent

HELP - Hardening Entra ID security with conditional access policies
▲ 0 r/AZURE

Hello! I'm new to this and I am having a hard time understanding Entra Security.

I work in a small company that uses Entra ID as the IdP. A couple of weeks ago an account got hacked. We understood this because the owner of this account noticed successful logins from the other side of the globe with respect to where the user is (EU).

We don't know how this happened (we also asked Microsoft Support whether they can help out). It might have been a well-architected phishing campaign, but we are not 100% sure. Microsoft Support also confirmed the breach and that it is now resolved. Within 30 minutes to 1 hour the account was secured again:

- Revoked all sessions of all users.

- Changed password

- Reset MFA for the compromised account

We keep seeing activity and login attempts on the user from far-away parts of the globe (e.g. Tokyo, US, Australia).

Being a small team, we don't have the expertise/resources at the moment to have dedicated people to manage Entra, but I am willing to learn this and I've been looking around/reading a lot. However, I still have a lot of confusion.

We currently use security defaults (https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults?WT.mc_id=Portal-Microsoft_AAD_IAM). This seems a good starting point, by taking care of enforcing MFA on all accounts, removing legacy auth methods etc.

I understand that Conditional Access Policies might be a good option to harden the security, however, this would come with the overhead of managing these.

Questions:

- I could not find a guide on how to recreate the security defaults with Conditional Access policies. Is there such a thing?

- We have migrated the legacy per-user MFA and SSPR policies to the new authentication methods, so that's taken care of. It seems trivial to me that we should only enforce "strong" login methods (e.g. avoid SMS, email etc.). Does this make sense?

- I was wondering if there is a way to allow access only for very specific devices. It seems that this should somehow be done with registered devices, but it's also not clear to me how this works, as some of the devices we use are actually not registered, meaning that it seems we can't enforce it. Is there a way to enforce that a device needs to be registered in order to be able to log in from it?

Please forgive me if some of the questions seem confused/wrong; I'm trying to learn/understand better.

Many thanks for your help.

u/honestserpent — 1 day ago
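As an added example, not part of the original post and not Microsoft's official mapping, here is how the three behaviours the post attributes to security defaults (block legacy authentication, require MFA for all users, require MFA for admins) plus the device requirement asked about in the third question can be expressed as Conditional Access policies with the Microsoft Graph PowerShell SDK. Every policy is created in report-only state so it can be evaluated in the sign-in logs before it is enforced. Assumptions that are not in the post: the Microsoft.Graph module is installed, the caller holds the Conditional Access Administrator role, and `$breakGlassGroupId` is a placeholder for the object ID of a real emergency-access group. The admin policy deliberately goes beyond security defaults by requiring the built-in "Phishing-resistant MFA" authentication strength, which is the Conditional Access way of restricting logins to strong methods rather than any registered method.

```powershell
# Added example (not from the original post): recreate security-defaults-style
# controls as Conditional Access policies in report-only mode.
# Assumed prerequisites: Microsoft.Graph module installed, caller is a
# Conditional Access Administrator, and the break-glass group below exists.

Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Directory.Read.All'

# Placeholder: object ID of an emergency-access (break-glass) group. Replace it.
$breakGlassGroupId = '00000000-0000-0000-0000-000000000000'

# Resolve the built-in authentication strength and the admin role template by
# display name instead of hardcoding their IDs.
$strength = Get-MgPolicyAuthenticationStrengthPolicy |
    Where-Object { $_.DisplayName -eq 'Phishing-resistant MFA' }
$gaRole = Get-MgDirectoryRoleTemplate |
    Where-Object { $_.DisplayName -eq 'Global Administrator' }
if (-not $strength -or -not $gaRole) { throw 'Could not resolve authentication strength or role template.' }

# Shared fragments: every policy excludes the break-glass group so a mistake
# cannot lock the tenant out.
$allUsers = @{ includeUsers = @('All'); excludeGroups = @($breakGlassGroupId) }
$allApps  = @{ includeApplications = @('All') }

$policies = @(
    @{
        displayName = 'CA001 - Block legacy authentication'
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = $allUsers
            applications   = $allApps
            clientAppTypes = @('exchangeActiveSync', 'other')   # legacy protocols only
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('block') }
    },
    @{
        displayName = 'CA002 - Require MFA for all users'
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = $allUsers
            applications   = $allApps
            clientAppTypes = @('all')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    },
    @{
        displayName = 'CA003 - Require phishing-resistant MFA for Global Administrators'
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = @{ includeRoles = @($gaRole.Id); excludeGroups = @($breakGlassGroupId) }
            applications   = $allApps
            clientAppTypes = @('all')
        }
        # An authentication strength replaces the generic "mfa" control and
        # limits the accepted methods to the ones the strength lists.
        grantControls = @{ operator = 'OR'; authenticationStrength = @{ id = $strength.Id } }
    },
    @{
        displayName = 'CA004 - Require compliant or hybrid-joined device'
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = $allUsers
            applications   = $allApps
            clientAppTypes = @('all')
        }
        # Either control satisfies the grant; a device that is merely registered
        # but neither Intune-compliant nor hybrid-joined would be blocked.
        grantControls = @{ operator = 'OR'; builtInControls = @('compliantDevice', 'domainJoinedDevice') }
    }
)

foreach ($p in $policies) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $p
    Write-Host ('Created "{0}" ({1}) in state {2}' -f $created.DisplayName, $created.Id, $created.State)
}

# Review what exists before enforcing anything.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
```

Leave the policies in report-only for a week or two and check the "Report-only" tab of the sign-in logs for users or devices that would have been blocked; only then switch `state` to `enabled`, one policy at a time, with the break-glass exclusion still in place. Note that CA004 answers the device question by requiring a compliant (Intune-managed) or hybrid-joined device, because Conditional Access has no grant control that accepts "registered but otherwise unmanaged" devices; the unregistered devices the post mentions would fail this policy until they are enrolled, which is exactly what report-only mode will show.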
▲ 4 r/napoli

Napoli Sotterranea with small children. Which one?

In a month I'll be going to Naples for a few days. We were interested in seeing Napoli Sotterranea, but it's not clear to us which tours are the best.

We have 3 children, aged 3 and a half, 2 years, and 1 month.

Are there routes that can be done with children? Which ones are best?

u/honestserpent — 13 days ago