
Secured.22: How to secure your Microsoft Azure AD tenant
Last September, Barracuda hosted its second annual virtual customer conference, Secured.22, and attendees found it to be full of useful, practical, actionable insights and information about the most pressing issues and timely topics in cybersecurity.
If you didn’t attend, you can still get all the benefits of watching the recorded presentations from the event. And I’m going to be highlighting some of the most popular sessions here over the next few weeks.
Today I want to tell you a bit about a highly rated presentation by Microsoft Principal Security Architect Angelica Faber, entitled “Inspecting your Microsoft 365 Tenant Security – Step 0!”
How to prevent 99% of cyberattacks
Preventing 99% of cyberattacks by just taking one single step in configuring Azure Active Directory (Azure AD) for your Microsoft 365 or Azure subscription may sound like an over-promise, but Faber has the numbers to back it up.
According to articles she cites from Microsoft Tech Community, organizations that use Azure AD “Security Defaults” experience 80% less compromise than the overall tenant population. And 99% of cyberattacks could have been prevented by the correct use of multifactor authentication (MFA).
As Angelica explains, the Azure AD Security Defaults consist of a set of conditional access control policies that can be enabled as a single setting. In the presentation, she goes through a detailed demonstration of how to do this and what exactly it accomplishes. At the same time, she shows you how to customize your conditional access policies based on your specific business requirements.
One point she emphasizes is the importance of blocking legacy authentication protocols that don’t support MFA, while being careful to do it in a way that doesn’t lock out legacy services or devices that require such protocols.
Different flavors of MFA
A key focus of Angelica’s presentation is her explanation of the various “flavors” of MFA that are available to you as a Microsoft 365 and/or Azure subscriber. Here’s a brief clip of her presentation where she introduces the different options and why some (passwordless, to be precise) are better than others when it comes to preventing account compromise:

Practical actions — your to-do list
There’s a lot more info and insight to gather from this session, including several clear, step-by-step demonstrations of exactly how to take the important step of implementing the right set of MFA controls for you.
Angelica wraps things up by showing you how you can find out what your current Identity Secure Score (ISS) is. Available to all Azure subscription levels, your ISS is a simple way of quantifying how well you’re currently protecting your Azure tenant from identity-based attacks.
Even better, she shows you how to generate a list of specific steps you can take to improve your ISS — while also significantly reducing your IT team’s workload.
Finally, Angelica offers a reminder that everything she’s discussed in the session is what she considers Step 0 in the process of establishing optimal security. When you’re ready to do more — to go beyond MFA and improve your overall security posture — she suggests taking the Microsoft Zero Trust Maturity Assessment Quiz in order to figure out what your most urgent, and most effective, next steps are.