Identity and Access

Identity and Access Management Best Practices

Documentation

Five steps to securing your identity infrastructure – This document will help you get a more secure posture using the capabilities of Azure Active Directory by using a five-step checklist to inoculate your organization against cyber-attacks.

Azure Identity Management and access control security best practice – In this article, we discuss a collection of Azure identity management and access control security best practices. These best practices are derived from our experience with Azure AD and the experiences of customers like yourself.
Azure Security Documentation – Security is integrated into every aspect of Azure. Azure offers you unique security advantages derived from global security intelligence, sophisticated customer-facing controls, and a secure hardened infrastructure. This powerful combination helps protect your applications and data, support your compliance efforts, and provide cost-effective security for organizations of all sizes.
     White papers
     Technical overviews
     Best practices
Azure Security Services – Make sure to check this page on a regular basis to stay up-to-date on our security-related services and technologies.
Microsoft Services in Cybersecurity – Microsoft Services provides a comprehensive approach to security, identity and cybersecurity. Microsoft Services provides an array of Security and Identity services across strategy, planning, implementation, and ongoing support. These services can help Enterprise customers implement holistic security solutions that align with their strategic goals.

Securing Privileged Access to machines/services – Microsoft recommends you follow this roadmap to secure privileged access against determined adversaries. You may adjust this roadmap to accommodate your existing capabilities and specific requirements in your organization.

Privileged Identity Management – Securing privileged access is a critical first step to establishing security assurances for business assets in a modern organization. The security of most or all business assets in an organization depends on the integrity of the privileged accounts that administer and manage IT systems. Cyber-attackers are targeting these accounts and other elements of privileged access to rapidly gain access to targeted data and systems using credential theft attacks like Pass-the-Hash and Pass-the-Ticket.

Local Administrator Password Solution (LAPS) – For occasions when login is required without domain credentials, password management can become complex. LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. In particular, it mitigates the risk of lateral escalation that results when customers have the same administrative local account and password combination on many computers.
    Download LAPS kit

Blogs

Top 10 Actions to Secure your Environment – Deployment Strategies by Debbie Seres – Senior PM – Visit her Blog

Step 1 – Identify Users – We’ll provide advice on activities such as setting up identity management through Active Directory, malware protection, and more.
Step 2 – Manage authentication and safeguard access – We explain how to enable single sign-on (SSO) in Azure Active Directory (Azure AD) to manage authentication across devices, cloud apps, and on-premises apps, and then how to set up Multi-Factor Authentication (MFA) to authenticate user sign-ins through a mobile app, phone call, or SMS.
Step 3 – Protect your identities – You’ll learn how to define security policies to protect individual user identities against account compromise and protect your administrative accounts.
Step 4 – Set conditional access policies – You’ll learn how to control access to your apps and corporate resources using conditional access policies, and how these policies can block legacy authentication methods and control access to SaaS apps.

Defending against illicit consent grants by Brandon Koeller – Office 365 Security has been tracking an emergent threat to customer data in the Office 365 cloud over the last year. This blog post is intended to help IT Administrators of Office 365 organizations detect, monitor, and remediate this threat. In its simplest form, the attack consists of an adversary creating an Azure registered application which requests access to customer data (contact information, email, documents, etc.), and then tricking an end user into granting that application consent to access their data through a phishing attack, or by injecting illicit code into a trusted website. Once the illicit application has been granted consent, it functionally has account-level access to data but without needing an actual account in the organization. Normal remediation steps like resetting passwords for breached accounts or requiring MFA on accounts are not effective since these third-party applications are external to the organization and leverage an interaction model which presumes the caller is automation, and not a human.
Software-as-a-Service Part 1 (Identity-as-a-Service) – Providing a prescription of steps to create and provide SaaS is an overwhelming endeavor, destined to sprawl and quickly become unwieldy. Yet companies need exactly this as they transition to the cloud. To answer this need, we identify some patterns and group them into related pillars. My intention in this series of posts is to showcase various applications demonstrating different aspects and patterns of Software-as-a-Service (SaaS) models.

White Papers & E-Books

Microsoft Azure Security Response in the Cloud – This white paper examines how Microsoft investigates, manages, and responds to security incidents within Azure. Other service impacting issues that are not security incidents are addressed by a separate response plan (or business continuity plan), and will not be discussed in this paper.
A crash course in security management: the keys to a better security posture – The way you manage your data and device security is a top priority in an evolving cyberthreat landscape.
Protecting your organization and improving security management starts with three key requirements: Visibility that helps you understand the security state and risks across resources, Built-in security controls to help you define consistent security policies, Effective guidance to help elevate your security