Joy Chik, corporate vice president for Microsoft Identity, recently laid out a general overview of Azure AD security best practices. This announcement comes in light of improvements recently announced to Azure Active Directory, including conditional access policy management enhancements and synchronization service additions.
Microsoft has suggested that companies using Azure AD follow their five-point best-practices plan. The following is a brief excerpt.
Microsoft wants organizations to move toward a “zero trust” approach to Active Directory. The overview also encourages enterprises to move away from traditional password-based approaches to verifying user identities, and to adopt Windows Hello for Business, Microsoft Authenticator, and FIDO2 security keys from partners like AuthenTrend, Feitian, or Yubico. Microsoft also advocates using MFA, a secondary means of verifying user identities in addition to a password.
Azure AD Improvements:
Microsoft announced some enhancements to its Azure AD Connect solution. The service can now use two synchronization services, namely “Azure AD Connect sync which lives on-premises, and Azure AD Connect cloud sync which is powered by the cloud,” Microsoft explained.
Changes to Conditional Access Policy Sorting:
Microsoft has added a search bar to its Azure Portal. Additionally, Azure AD Conditional Access policies can now be sorted by “policy name, state, creation date, and modified date.” Users can also use the new “filter” function to filter the policy list by state, creation time, and modified time. The portal now shows a count of recently created Conditional Access policies as well.