By now you should be aware that as of September 30, 2025, authentication methods can't be managed in these legacy MFA and SSPR policies. You will need to use the new unified Authentication methods policy. "2025" I hear you shout! "we've got ages". Well, it can seem that way however authentication methods, and conditional access …
Securing Azure 7 – Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft Cloud Security Benchmark (MCSB).
As we have covered previously, if you are a using Microsoft products and services a vast amount of guidance and documentation is available online. This can get confusing as there is the Cloud Adoption Framework, Azure Well-Architected Framework, Microsoft Cybersecurity Reference Architecture, Microsoft Cloud Security Benchmark, and the new Security Adoption Framework (SAF). This guide …
Securing Azure 6 – Identity and Access – Conditional Access Part 3
In this guide we will be creating some further additional policies before fully enabling conditional access within our tenant. If you have not carryied out the required preparation from parts 1 and 2 then go back and read them to ensure you are ready and have carried out the required prerequisites. In the previous guide …
Continue reading "Securing Azure 6 – Identity and Access – Conditional Access Part 3"
Securing Azure 5 – Identity and Access – Conditional Access Part 2
In the previous guide we created our log analytics workspace, and took care of a few prerequisites which would allow us to create and troubleshoot our conditional access policies before they are fully implemented. In this guide we will create our conditional access policies in report-only mode, and using the built-in conditional access workbooks we …
Continue reading "Securing Azure 5 – Identity and Access – Conditional Access Part 2"
Securing Azure 4 – Identity and Access – Conditional Access Part 1
Rolling out conditional access is a big topic, and we will split it into three main phases, preparation, audit and implementation. Conditional access has the potential to break stuff, a lot of stuff, especially if you are using Intune compliance configurations to block non-compliant devices. If you don't adequately test your conditional access policies before …
Continue reading "Securing Azure 4 – Identity and Access – Conditional Access Part 1"
Securing Azure 3 – Identity and Access – Securing Privileged Access
This guide is not going to go into why securing privileged access is so important. If you're here for this guide, I'll assume you understand its importance. This guide will not cover all the different privileged roles and what they should be used for, nor will we be covering the monitoring of privileged access in …
Continue reading "Securing Azure 3 – Identity and Access – Securing Privileged Access"
Securing Azure 2 – Identity and Access – Passwords
Before you start shouting at me, "passwords are dead", they aren't quite, and yes we will be configuring multifactor authentication, but mistakes happen such as misconfigurations where multifactor may not be applied, so we should still be ensuring that strong passwords are being used across our organisation, and it's important to have knowledge of how …
Continue reading "Securing Azure 2 – Identity and Access – Passwords"
Securing Azure 1 – Introduction
In this series we will be looking at securing an Azure cloud tenant from scratch. At this stage, our environment does not have any virtual machines (VMs), virtual networks, web application firewalls or other Azure services. This will be an Azure tenant and O365 subscription with a Business Premium licence, which means we have an …