Azure AD (Entra)
Section Purpose: This security section lists recommended security controls for Azure AD based on the CIS Controls. Each control contains the following subsections:
Description
Policy Definition
Licensing Considerations
Set Up Instructions
End-User Impact
PowerShell Scripts
Video Tutorials
| Policy | End-User Impact | License | Lower License Alternative |
|---|---|---|---|
| | High | Azure AD P1 | Enforcing Per User MFA or MFA via Security Defaults |
| | Low | Azure AD P1 | Enforcing Per User MFA or MFA via Security Defaults |
| | Low | Azure AD P1 | N/A |
| | None | Any | Any |
| | Medium | Azure AD P1 | Legacy Auth methods can be disabled in an account manually without P1 via Security Defaults |
| | High | Azure AD P2 | N/A |
| | High | Azure AD P2 | N/A |
| | Medium | Azure AD P1 | N/A |
| | Medium | Any | N/A |
| | High | Azure AD P1 + Intune | N/A |
| | Low | Any | N/A |
| | Low | Any | N/A |
| | Low | Azure AD P2 | N/A |
| | Low | Azure AD P2 | N/A |
| | Low | Any | N/A |
| | Low | Azure AD P2 | Manual monitoring can be performed in the Azure Portal or with PowerShell |
| | Medium | Any | N/A |
| | None | Azure AD P1 | Without P1, logs are retained for 7 days |
| | Low | Any | N/A |
| | Low | Any | N/A |
| | Medium | Azure AD P1 | N/A |
| | None | Any | N/A |