Working from home: best practice outline


Blocking legacy authentication

Identify who still uses legacy authentication, then block it.

Monitor the Azure AD sign-in logs for failed sign-ins.

The sign-in log is your only friend for support and troubleshooting.

You must know the meaning of every tab and every column in this window, especially the protocol (client app) used for each sign-in.

Enable modern authentication (OAuth with the MFA feature).

Three ways to enable Conditional Access:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

My recommendation: never apply security defaults.

You can use the MFA registration policy instead:

Azure Active Directory Identity Protection will prompt your users to register the next time they sign in interactively and they will have 14 days to complete registration. During this 14-day period, they can bypass registration but at the end of the period they will be required to register before they can complete the sign-in process.

For the authentication method, use the mobile app (free).

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy


Note: you must monitor first to make sure no one is still using legacy authentication.

By default, all versions of Office from 2016 onward support modern authentication.

For Office 2013, add the following registry keys (after monitoring):
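The "identify before you block" step above, as an added example that is not part of the original post: it classifies exported Azure AD sign-in records as legacy or modern by their client app, and lists the users who still have a working legacy client (those are the ones a legacy-auth Conditional Access policy would break). It assumes the export carries the `userPrincipalName`, `clientAppUsed` and `status.errorCode` fields of the Graph signIn resource; the sample records are constructed.

```python
import json
from collections import Counter, defaultdict

# Client app names Azure AD reports for modern (OAuth-capable) sign-ins.
# Anything else in clientAppUsed (IMAP4, POP3, SMTP, MAPI, ActiveSync, ...)
# is legacy authentication and is blocked by a legacy-auth CA policy.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}


def is_legacy(record):
    """True if a sign-in record used a legacy (basic auth) protocol."""
    return record.get("clientAppUsed", "Other clients") not in MODERN_CLIENT_APPS


def summarize_legacy(records):
    """Map user -> Counter((clientApp, 'success'|'failure') -> count),
    for legacy sign-ins only. Failures are counted separately: a stream
    of failed IMAP/SMTP logins is also a password-spray indicator."""
    per_user = defaultdict(Counter)
    for r in records:
        if not is_legacy(r):
            continue
        ok = r.get("status", {}).get("errorCode", 0) == 0
        key = (r.get("clientAppUsed", "Other clients"),
               "success" if ok else "failure")
        per_user[r["userPrincipalName"]][key] += 1
    return per_user


def users_to_remediate(log_json):
    """Users with at least one successful legacy sign-in: they have a
    working legacy client that must be fixed before blocking."""
    summary = summarize_legacy(json.loads(log_json))
    return sorted(u for u, c in summary.items()
                  if any(k[1] == "success" for k in c))


# Constructed sample export (not real tenant data); 50126 = bad credentials.
SAMPLE_LOG = json.dumps([
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
])

if __name__ == "__main__":
    for user, apps in summarize_legacy(json.loads(SAMPLE_LOG)).items():
        print(user, dict(apps))
    print("fix before blocking:", users_to_remediate(SAMPLE_LOG))
```

Run the same logic over a real export (Azure portal, Sign-in logs, Download JSON) for the full monitoring period before enabling the blocking policy.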

https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide

Table 1

Registry key                                                     Type       Value
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL   REG_DWORD  1
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version      REG_DWORD  1

Use SSO for SaaS applications.

Use Conditional Access to block legacy authentication.

Use Teams rather than file share servers.

Assign licenses to groups, not to users; dynamic groups are preferred.

To publish on-prem services you can use Azure AD Application Proxy or WAP (Web Application Proxy).

Remote Desktop Services (RDS) is the platform of choice for building virtualization solutions for every end-customer need.

You can use RDS with Azure AD Application Proxy.

Use Enterprise Applications to add new applications:

https://myapplications.microsoft.com/

Seamlessly deploy RDS with ARM and Azure Marketplace

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-in-azure

Azure Information Protection for protecting files while they are in the cloud.

Cloud App Security for monitoring and controlling all user and file activity and for applying policies.

Identity Protection.

And finally: read, read and read. Never apply a setting without understanding it.
