Ensure all users are within defined parameters (i.e.Policy #8: Secure Security info registration (use case severely reduced due to COVID) Block countries and other locations you do not wish to have anyone access corporate resources from.General desire to increase monitoring activities.Administrative logins via privileged access workstations.High risk scenarios that demand additional enforcement and data protection.Optionally, choose additional grant control for Medium or Low events.Alternatively, require multiple controls (i.e.Can also include Require Hybrid Azure AD Joined device to eliminate BYOD access scenarios.Ensure all devices meet minimum defined compliance.Select Client Apps > Legacy Authentication Clients (Exchange Active Sync and Other clients).Scope to same as Azure MFA Conditional Access Policy.Policy #2: Block Legacy Authentication protocols Configure exclusions as applicable. Do not intend for this to be permanent.Scope as widely as possible. All users and All applications ideally. Nothing should be accessing your resources without strong factor authentication.
The following describes what should be considered for your baseline package: Policy #1: Enforce Azure MFA Microsoft and Enabling Technologies recommends that each organization employ Baseline AAD Conditional Access Policies for strong authentication and real time access monitoring to ensure a consistent and thorough balance of security and productivity while maintaining awareness and enforcement on todays common threats. While the purpose of these policies should be similar across organizations, the scoping conditions may differ based on organization specific scenarios and accepted risk. Require client certificate (coming soon).Require device to be marked as compliant.Select one, multiple, or all applications.Select one or all users, guest users, or directory roles.Here are some common signals and conditions that can be used to scope out how the policy is applied: There are many different signals\conditions and decisions that can be configured to create an org-wide policy down to a specific scenario. Each decision option was described in prior blog articles: The simplest conditional access policy can be created in mere minutes. However, as simple as they are, they can also drastically affect your environment in an adverse way if not properly configured.
0 kommentar(er)
