Karim Zaki

Working from home best practice outlines


Blocking legacy authentication

Identify then block

Monitoring sign Ins from azure AD for any failed log ins

This is your only friend for supporting and trouble shooting

You must know what is the meaning of every tab, every column in this window specially every protocol

Enable Modern authentication (OAUTH With MFA feature)

3 ways to enable conditional access

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

My recommendations never apply security defaults

You can use the

registration policy

Azure Active Directory Identity Protection will prompt your users to register the next time they sign in interactively and they will have 14 days to complete registration. During this 14-day period, they can bypass registration but at the end of the period they will be required to register before they can complete the sign-in process.

For authentication method use mobile app (free)

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy


Note: you must monitor first to make sure no one is using legacy authenticating

By default all versions of office starting from 2016 supporting modern Authentication

For office 2013 add the following registry keys after monitoring

https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide

TABLE 1
Registry key

Type

Value
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL

REG_DWORD

1
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version

REG_DWORD

1

Use SSO for SAAS applications

Conditional access to block legacy authentication

Teams not share servers

Assign licenses to groups not users preferred dynamic groups

To publish on-prem services you can use azure proxy or WAP services

Remote Desktop Services (RDS) is the platform of choice for building virtualization solutions for every end customer need

You can use RDS With azure Proxy

Use enterprise applications to create new applications

https://myapplications.microsoft.com/

Seamlessly deploy RDS with ARM and Azure Marketplace

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-in-azure

Azure Information protection for protecting file when they are on cloud

Cloud app security for monitoring and controlling all users and files activities and Appling policies

Identity Protection

And finally read and read and read never apply without knowledge

Advertisement

Published by Karim Zaki

MBA Major MIS MCP (Microsoft Certified Professional) Windows XP. Microsoft Certified in (Managing and Maintaining Microsoft server 2003). Microsoft Certified in (implementing, Managing and Maintaining a Microsoft windows server 2003 infrastructure) Microsoft Certified in (Maintaining a MS Win Server 2003 Active Directory) MCSA 2003 ISA 2006 Microsoft Internet Security and Acceleration Server 2006, Configuring MCTS Microsoft Certified Technology specialist MCITP 2008 (Microsoft Certified IT professional) MCSA 2012 Server (Microsoft Certified solution Associate) AZURE Administrator Associate MS 365 Identities and services MS 365 Mobility and security Microsoft 365 Certified: Security Administrator Associate Microsoft 365 certified enterprise administrator expert, MS 365 System administrator, configuring designing and securing. Azure Active Directory administrator configuration and securing identities. Plan identity synchronization for azure active directory Microsoft advanced threat Protection, Access for external users B2B for Microsoft workloads, Azure Advanced Threat Protection, Intune Endpoint administrator designing and securing, Microsoft Cloud App Security configuring and designing. SCSM designing and configuration, Automating IT Operations, Securing and designing exchange online, SharePoint online, MS teams, OneDrive, azure, and MS 365, Intune designing, configuring and supporting.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.