Microsoft Tenant Hardening Archives - Page 9 of 11

Microsoft Tenant Hardening

Are you looking for information about Microsoft Tenant Hardening? In this archive you will find all our posts about Microsoft Tenant Hardening.

Microsoft 365

Disabling Basic Auth: Microsoft 365 SMTP Relay for Non-TLS Devices

6. August 2022 /

As of October 1, 2022, basic athentication (legacy authentication) will be disabled for EWS, RPS, POP, IMAP, MAPI, RPC, OAB, SMTP AUTH, and EAS protocols in Exchange Online. The basic authentication is a big security issue, since a user name and password are already sufficient for sign in. After deactivating basic authentication, modern authentication (based on OAuth 2.0) becomes active. Modern authentication requires a second factor (multi-factor authentication).

⟶
Microsoft 365, Microsoft Azure

Passwordless Sign In with Microsoft Authenticator App

14. May 2022 /

Passwordless sign in with the Microsoft Authenticator App makes sign in to Azure and Microsoft 365 cloud services more secure and convenient for the user. The typing of a password is replaced by a modern method, e.g. the Microsoft Authenticator app. Passwordless sign-in to cloud apps can be achieved using various methods: For a significant increase of identities security, the cost-effective variant with the Microsoft Authenticator App is the best choice.

⟶
Microsoft Azure

Microsoft Entra: Roll Over Kerberos Decryption Key

23. April 2022 /

With Seamless Single Sign-On (Seamless SSO), users can leverage the same credentials for both on-premises and cloud-based services. Repeated authentication prompts between these environments are eliminated, as authentication data is automatically exchanged between Active Directory and Microsoft Entra. As part of the Seamless SSO configuration, a computer account named AZUREADSSOACC is created in the on-premises Active Directory. For security reasons, Microsoft recommends rotating the associated Kerberos decryption key every 30 days.

⟶
Microsoft Azure

Microsoft Entra Privileged Identity Management (PIM): Request Microsoft Entra roles or Microsoft Azure roles by User

16. April 2022 /

Microsoft Entra Privileged Identity Management (PIM) optimizes the management of privileged roles to Microsoft Azure and Microsoft 365 resources. This contributes to the improvement of the security standards of cloud services. An additional feature is the Just-in-Time authorization, where a user is granted elevated privileges only for the period in which they are actually needed. This minimizes the risk of misuse and unauthorized access. This guide explains how a user can apply for a Microsoft Entra role or Microsoft Azure role for a specific period of time and how an administrator can efficiently manage this requests.

⟶
Microsoft Azure

Microsoft Entra Privileged Identity Management (PIM): Basic Configuration

9. April 2022 /

Microsoft Entra Privileged Identity Management (PIM) manages and monitors access to Microsoft Entra roles and Microsoft Azure roles. Access to Azure resources and Microsoft online services is on-demand and time-restricted.Users can request privileged roles online. An administrator can approve or deny the request afterwards. The role removes automatically after the specified duration expires. Microsoft Entra Privileged Identity Management (PIM) can minimize the following risks: This guide configures Microsoft Entra Privileged Identity Management (PIM) for Microsoft Entra roles and Microsoft Azure roles.

⟶