Over the years, I have seen how authentication processes have been evolving into what it is and what we know today. My clients already in the cloud or looking into adopting the cloud are constantly asking me about the “Best Practices” to secure their Microsoft cloud adoption. This is why I have decided to write this blog post series of Microsoft Cloud authentication, Identity and Access Management.
Network firewalls used to be considered the perimeter defense of the network. But with cloud services, that perimeters keep getting more porous, and that perimeter defense can’t be as effective as it was before the explosion of BYOD devices and cloud applications.
Today, enterprises are starting to understand that identity needs to be the primary perimeter for security. This is a shift from the traditional focus on network security. Azure Active Directory (Azure AD) is the Azure solution for identity and access management. Azure AD is a multitenant, cloud-based directory and identity management service from Microsoft. It combines core directory services, application access management, and identity protection into a single solution.
- Centralized Identity Management (Best Practice 1/10)
- Enable single sign-on for the Microsoft Cloud (Best Practice 2/10)
- Enable Conditional Access (Best Practice 3/10)
- Enable self-service Password reset with Azure AD Premium (Best Practice 4/10)
- Enable Conditional Access for cloud access. (Best Practice 5/10)
- Enforce multi-factor verification for users (Best Practice 6/10)
- Use role-based access control (Best Practice 7/10)
- Turn on Azure AD Privileged Identity Management (Best Practice 8/10)
- Define at least two emergency access accounts. (Best Practice 9/10)
- Ensure all critical admin roles have a separate account for administrative tasks (Best Practice 10/10)