Pau Lo

asked on

Azure AD and MS365 security

Are there recommended articles that detail the priority, perhaps 'top 10' type, key security controls to consider for properly ‘hardening’ Office 365 and Azure AD that we could use as a checklist to assess our configurations and settings against recognised best practices?


With other apps/services, the focus of such priority security configuration checking often centres around any authentication-related vulnerabilities (e.g. no MFA, stale accounts, etc.) and memberships of powerful administrative roles that give broad authority to make changes and have wide-ranging access to sensitive data stores such as SharePoint, Exchange, etc. Other areas that spring to mind could perhaps be permissions oversights and misconfigurations within the various ‘enterprise services’, such as document libraries in SharePoint, mailbox permissions in Exchange, etc. I was trying to identify, in broad terms, what sort of priority permissions/access-related checks should be considered first and foremost regarding Office 365/AAD.

ASKER CERTIFIED SOLUTION
Ross McCandless