Lock Down Your Microsoft 365: Your Essential Security Policies

How do you secure your Microsoft 365? Here are 13 essential security policies for Microsoft 365 security, including conditional access policies.

🆓 FREE Facebook Group
From security to productivity apps to getting the best value from your Microsoft 365 investment, join our Microsoft 365 Mastery Group

🆓 FREE Microsoft 365 Guide
Our FREE Guide - Discover 5 things in Microsoft 365 that will save your business time and money... and one feature that increases your Cyber Security by 99.9%

💻 Want to Work Together?

😁 Follow on Socials
TikTok @bearded365guy
Instagram @bearded365guy

Chapters
00:00 Introduction
01:08 Turn Off Security Defaults
03:07 Conditional Access MFA
04:54 Conditional Access Approved Countries
09:25 Block Unapproved Device Types
10:57 Disable Persistent Browser Sessions
12:05 App Protection Policies
13:54 Block Legacy Authentication
15:16 Require MFA for Entra Join
16:16 Disable SMS MFA
18:27 Enable App Consent Workflow
20:29 Default SharePoint Sharing Settings
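Added example, not the video's own script and not code from its author: a Microsoft Graph PowerShell script that builds five of the policies from the chapter list above (MFA for all users, approved countries, block legacy authentication, MFA for Entra join, no persistent browser sessions). Everything is created in report-only mode so the effect can be checked in the sign-in logs before enforcement. Assumed rather than taken from the page: the CA0x policy names, the two-letter country codes, the break-glass account object ID placeholder, and that the Microsoft.Graph.Identity.SignIns module is installed and the signed-in account may manage Conditional Access.

```powershell
# Added example, not the video's own script: creates several of the Conditional
# Access policies from the chapter list with Microsoft Graph PowerShell.
# Assumptions (not from the page): Microsoft.Graph.Identity.SignIns is installed,
# the signed-in account can manage Conditional Access, and the policy names,
# country list and break-glass object ID below are placeholders.
# Security Defaults must already be off (chapter 1); Entra will not enable
# Conditional Access policies while Security Defaults are on.

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Emergency-access (break-glass) account excluded from every policy so a
# mistake here cannot lock the whole tenant out. Placeholder GUID, replace it.
$BreakGlassId = '00000000-0000-0000-0000-000000000000'

# Every policy starts in report-only mode; review the "Report-only" results in
# the sign-in logs before changing the state to 'enabled'.
$State = 'enabledForReportingButNotEnforced'

function New-CaPolicyIfMissing {
    param([Parameter(Mandatory)][hashtable]$Policy)
    # Idempotent: re-running the script must not create duplicate policies.
    $existing = Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object { $_.DisplayName -eq $Policy.displayName }
    if ($existing) {
        Write-Host "Exists, skipping: $($Policy.displayName)"
        return $existing
    }
    Write-Host "Creating (report-only): $($Policy.displayName)"
    New-MgIdentityConditionalAccessPolicy -BodyParameter $Policy
}

# Named location for the approved-countries policy. The country codes are made up.
$Approved = Get-MgIdentityConditionalAccessNamedLocation -All |
    Where-Object { $_.DisplayName -eq 'Approved countries' }
if (-not $Approved) {
    $Approved = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
        '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
        displayName                       = 'Approved countries'
        countriesAndRegions               = @('GB', 'NL')
        includeUnknownCountriesAndRegions = $false   # unknown geo is treated as not approved
    }
}

$AllUsersExceptBreakGlass = @{ includeUsers = @('All'); excludeUsers = @($BreakGlassId) }
$AllApps                  = @{ includeApplications = @('All') }

$Policies = @(
    @{  # Chapter "Conditional Access MFA"
        displayName   = 'CA01 - Require MFA for all users'
        state         = $State
        conditions    = @{ users = $AllUsersExceptBreakGlass; applications = $AllApps; clientAppTypes = @('all') }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    },
    @{  # Chapter "Conditional Access Approved Countries": block everything outside the named location
        displayName   = 'CA02 - Block sign-in from unapproved countries'
        state         = $State
        conditions    = @{
            users          = $AllUsersExceptBreakGlass
            applications   = $AllApps
            clientAppTypes = @('all')
            locations      = @{ includeLocations = @('All'); excludeLocations = @($Approved.Id) }
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('block') }
    },
    @{  # Chapter "Block Legacy Authentication": these client types cannot satisfy MFA
        displayName   = 'CA03 - Block legacy authentication'
        state         = $State
        conditions    = @{
            users          = $AllUsersExceptBreakGlass
            applications   = $AllApps
            clientAppTypes = @('exchangeActiveSync', 'other')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('block') }
    },
    @{  # Chapter "Require MFA for Entra Join": targets a user action, not a cloud app
        displayName   = 'CA04 - Require MFA to register or join devices'
        state         = $State
        conditions    = @{
            users          = $AllUsersExceptBreakGlass
            applications   = @{ includeUserActions = @('urn:user:registerdevice') }
            clientAppTypes = @('all')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    },
    @{  # Chapter "Disable Persistent Browser Sessions": a session control, no grant control needed
        displayName     = 'CA05 - Never persist browser sessions'
        state           = $State
        conditions      = @{ users = $AllUsersExceptBreakGlass; applications = $AllApps; clientAppTypes = @('all') }
        sessionControls = @{ persistentBrowser = @{ isEnabled = $true; mode = 'never' } }
    }
)

foreach ($p in $Policies) { New-CaPolicyIfMissing -Policy $p | Out-Null }
```

Run it once, let the report-only policies collect a few days of sign-ins, then check the "Report-only" tab of the sign-in logs for users or service accounts that would have been blocked (legacy-auth clients and overseas staff are the usual surprises) before switching `state` to `enabled`. Keep the break-glass exclusion on every policy, and test that account's sign-in from an unapproved country before enforcing CA02.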
Comments
Author

I'd also recommend creating a Continuous Access Policy to require MFA if the network changes. This helps protect against session token theft.

smittayy
Author

As always very informative!
Though I have some questions about 2FA.

1. What will be the impact on users when disabling SMS in Entra when they've already enabled/are using SMS via per-user MFA?

2. Do you need to disable per-user MFA when 2FA is forced using a CA?

3. You've excluded the admin from any CA. How would you enforce 2FA for this one?

Greetings from overseas, the Netherlands.

patrick__
Author

@Jonathan Edwards. A nice bunch of conditional access policies. My understanding is that the device platform filter only looks at the device string as reported by the device. This can be spoofed. A better control for managed devices is device filters, e.g. where the device platform is not a managed Windows device, require an app protection policy.

GregThomson
Author

Thanks, Jonathan - what a great overview! I cannot stress enough the importance of implementing these important controls in your tenant. well done!

bowersza
Author

Thanks again Jonathan! The video I've been waiting for. Question, for those already enrolled in SMS/Phone call MFA, once you enable/enforce these policies, what happens? Will they be prompted/forced to enroll or change their MFA method to using the MS Authenticator?

justinpascarella
Author

Thanks Jonathan, this insight was really helpful. May I know what license type is required to create new policies?

easy-tech
Author

Thanks Jonathan, I like your straightforward communication style.

gregfyn
Author

I work supporting 365 and i love your videos. Thanks!

alexandrecarreirapt
Author

This is fantastic. thanks so much for putting this together.

djrx
Author

I just wanted to join the group and let you know that your videos are amazing. Straight to the point and very informative. Due to this video, I created a little script in PowerShell using Microsoft Graph that will configure all these conditional access policies and one more that blocks access to all Azure admin portals. I just want to share the script as a little contribution to all the effort and good things that you put in your videos. What is the best way to share it? Thanks again for all your good work.

orlandom-cr
Author

Thank you for this video! Really great insight to the CA policies and really set a great foundation for me! Love what you're doing!

GFloGG
Author

At the start of the video you created a conditional access policy requiring MFA for all users. Why is a second policy requiring MFA for Entra join needed? Isn't that redundant? Great video, thanks!

paulmckenna
Author

Great Vid. Was wondering if you could do a video on Intune device licenses. There is practically no info out there on this. Specifically enrolling Win10/11 devices using Intune device licenses for shared workstations? What are the best ways to do this? What are the limitations? Lots of businesses use shared workstations for healthcare or factory workers that use the same workstations when on shift as others. We want them in Intune without paying per user license. Thanks!

ggoben
Author

Brilliant. No BS. straight to the point.

whoamigodknows
Author

You wouldn't believe how many don't do any of this! Very helpful.

ScottMillar
Author

Another great video! Too many organisations rely on the Microsoft baseline or defaults.

JRashid
Author

Loved this video, thanks. Looking forward to more such videos.

vibhubhatnagar
Author

In Entra ID Conditional Access -> Policies -> New Policy settings there is now "Network". Do we need to change anything there for any of these policies you are creating?
And when you do the exclusion for CA02, if we are on a P1 license with Business Standard, will this work or do we need to add a different set of options?

andrewenglish
Author

Amazing explanation. Question: do I need to assign an Entra P1 license to each user in my organization if I want to implement those essential security policies?

GabrielJIsaza
Author

Thank you Jonathan, this will help me secure the tenants of my customers.

jimmyroels