05 March
MFA for Azure admins will soon be enforced
Context
Identity attacks have increased by 300% in the last year.
Many IT guys also use their standard AD account as Azure AD administrator.
If your company is a MS Cloud Service Provider (CSP), by default it can delegate the "general Admin" role on the customer tenant.
That means that:
1/ You will harden IT admins' workstations with BitLocker and other policies and tools
2/ Your tenant will have to be MFA compliant, for your company's and customers' security
3/ If your daily account is also admin, think about creating a dedicated admin account with MFA, and remove all privileges from your daily account
Good news: MFA for admins does not require an additional E3 or E5 license.
Activation
MFA for admins can simply be enforced now.
Go to Azure Portal / Azure Active Directory / Enterprise applications / Conditional Access
When you open the details of the policy "Baseline policy: Require MFA for admins", you see what we are talking about.
Of course you can also set MFA for admins one by one here:
https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx
but that is not a global enforcement policy (hackers are always looking for weak points).
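
To find the weak points before someone else does, the following added example (not part of the original post) lists every user holding an Azure AD admin role together with their per-user MFA state and registered verification methods. It assumes the MSOnline PowerShell module is installed and that you sign in with an account allowed to read directory roles; treating a licensed admin account as a probable daily account is only a heuristic.

```powershell
# Added example: audit MFA status of all Azure AD admin role members.
# Assumption: MSOnline module available (Install-Module MSOnline).
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

$report = foreach ($role in Get-MsolRole) {
    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {
        # Roles can also contain service principals; only users carry MFA settings.
        if ($member.RoleMemberType -ne 'User') { continue }

        $user = Get-MsolUser -ObjectId $member.ObjectId

        # Per-user MFA state as set on the MultifactorVerification page.
        # An empty collection means the per-user setting is Disabled.
        $state = 'Disabled'
        if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $state = $user.StrongAuthenticationRequirements[0].State
        }

        # Verification methods the user has actually registered (app, SMS, call).
        $default = ($user.StrongAuthenticationMethods |
                    Where-Object IsDefault).MethodType

        [pscustomobject]@{
            Role              = $role.Name
            UserPrincipalName = $user.UserPrincipalName
            PerUserMfaState   = $state
            RegisteredMethods = $user.StrongAuthenticationMethods.Count
            DefaultMethod     = $default
            # Heuristic: a licensed admin is probably also a daily account.
            Licensed          = $user.IsLicensed
        }
    }
}

# Admins who have not registered any MFA method yet: fix these first.
$report | Where-Object { $_.RegisteredMethods -eq 0 } |
    Sort-Object UserPrincipalName, Role |
    Format-Table Role, UserPrincipalName, PerUserMfaState, Licensed -AutoSize

# Full picture, for review or export.
$report | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize
```

Note that `PerUserMfaState` only reflects the one-by-one setting; an admin covered by the Conditional Access policy can show `Disabled` there and still be prompted, which is why the registered methods column is the more useful one to watch.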
MFA user side
Once MFA for admins is enforced, it can be used with mobile confirmation or SMS confirmation.
For this example, we will use the mobile application (it's easier to use the Internet for confirmation, rather than SMS or phone calls, when you are in a datacenter).
MFA authentication
Enter your account and password.
You will see the MFA screen coming up on your PC.
Switch to your mobile Authenticator.
"Et voilà", you used MFA for privileged Azure AD accounts!!!