Microsoft Tenant Hardening
Are you looking for information about Microsoft Tenant Hardening? In this archive you will find all our posts about Microsoft Tenant Hardening.
-
Enable Microsoft Entra self-service password reset (SSPR)
Microsoft Entra self-service password reset (SSPR) allows users to change or reset the password on their own. It does not require support from the helpdesk. To allow the user to change or reset the password, the following authentication methods are available for Microsoft Entra self-service password reset (SSPR):
-
Microsoft Entra: How to Block Legacy Authentication Using Conditional Access
Protocols such as POP3, IMAP, SMTP, or MAPI rely on outdated authentication methods known as legacy authentication. These methods do not support modern security mechanisms such as multi-factor authentication (MFA), making them a preferred entry point for attackers.
-
Reviewing user registrations for multi-factor authentication
To perform a security audit, it is necessary to review the registered multi-factor authentication methods of each user in the Microsoft Tenant. This can help identify and address potential vulnerabilities before they are exploited. Additionally, this evaluation can be used to inform users of potentially more convenient MFA methods they could use instead of their current methods.
-
App Password for Multi-Factor Authentication
Apps that do not support two-step verification can cause problems after enabling multi-factor authentication (MFA). These apps, also called non-browser apps, can no longer be used after multi-factor authentication is enabled. To continue to use these apps securely, an App Password can be used for authentication. An App Password is a secure, randomly generated password that can be used instead of the regular password for an app.
-
Azure AD Connect: Enforcing TLS 1.2
Azure AD Connect no longer supports the following protocols because they are considered insecure. The following services may be affected by the deactivation of the protocols: With TLS 1.2, Azure AD Connect continues to run.
-
Microsoft 365 Defender: Safe Links and Safe Attachments
Safe Links, Safe Attachments? Why do we need this? We work more and more with email, Teams, OneDrive and SharePoint, and we share files with external people. We chat, we want to work from anywhere, and we want to do this on every possible system (Modern Workplace). Simple virus and spam protection, which Exchange Online Protection (EOP) runs on every Exchange Online, is often no longer sufficient. Microsoft 365 Defender offers two additional features: Safe Links and Safe Attachments. Both are easy to configure and extend security enormously.