Hello @nakashima,
Kindly look at this cloud adoption framework documentation on the guidance and best practices that help you confidently adopt the cloud and achieve business outcomes.
Also look at this doc - It lists some of the basic controls included with security defaults Providing a default level of security in Microsoft Entra ID - Microsoft Entra | Microsoft Learn.
Implementing Security Settings Post-Disabling Security Defaults
Hello Microsoft Community,
At our company, we are currently working on enhancing our security level by configuring Microsoft Intune and Entra ID. This includes the use of conditional access policies, necessitating the disabling of the Security Defaults.
After disabling the Security Defaults, we understand that the following settings are necessary to maintain a similar level of security as when it was enabled:
- Enforcing Multi-Factor Authentication (MFA)
- Risk-based conditions
- Blocking legacy authentication protocols
- Managing privileged access
- Protecting access to Azure Resource Manager and similar
- Preparing emergency access accounts
I am posting this question after translating from Japanese. If there are any expressions that are unclear, please let me know. I would appreciate any guidance on the specific steps and precautions needed to implement these settings. Also, please confirm if my understanding is correct.
Thank you!
2 answers
Sort by: Most helpful
-
Pauline Mbabu 15 Reputation points Microsoft Employee
2024-05-14T10:13:39.3666667+00:00 -
Navya 4,395 Reputation points Microsoft Vendor
2024-05-20T11:10:54.5366667+00:00 Hi @nakashima
Thank you for posting this in Microsoft Q&A.
Yes, you understand correctly when it comes to using conditional access controls to protect your tenant after disabling security defaults.
Please refer to the documentation below, which include all of the conditions you stated in the request you made.
Create a Conditional Access policy
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.