Azure AD (Entra)

Section Purpose: The security section shows recommend security controls for Azure AD based on the CIS Controls. Each control contains the following subsections:

  • Description

  • Policy Definition

  • Licensing Considerations

  • Set Up Instructions

  • End-User Impact

  • PowerShell Scripts

  • Video Tutorials

Policy
End-User Impact
License
Lower License Alternative

High

Azure AD P1

Enforcing Per User MFA or MFA via Security Defaults

Low

Azure AD P1

Enforcing Per User MFA or MFA via Security Default

Medium

Azure AD P1

Legacy Auth methods can be disabled in an account manually without P1 via Security defaults

Low

Azure AD P2

Manual monitoring can be performed in the Azure Portal or with PowerShell

None

Azure AD P1

Without P1, logs are retained for 7 days

Last updated