How to use Azure AD Security Tools & Resources To Secure Azure
Do you want a deep dive into the Azure AD security tools and resources you require to secure your cloud infrastructure? This article discusses these security tools and how to use them.
We also explore some Azure AD logs for detecting security vulnerabilities. While these tools are great, there are third-party resources that offer better solutions.
In the last part of this article, we explain how our own InfraSOS Azure AD monitoring and auditing tools help secure your Azure cloud identity.
Built-in Azure AD Security Tools and Resources
1. Role-based Access Control (RBAC)
Cloud infrastructure security begins with the management of access to resources. Microsoft Azure AD security supports the “zero trust” paradigm to help organizations meet this essential security baseline.
This security principle says, “never trust, always verify.” In other words, “zero trust” promotes “least-privilege,” “thoroughly verify,” and “assume breach.”
Azure role-based access control is at the core of Microsoft’s “zero trust” Azure AD security implementation. It sets the “least-privilege” and “thoroughly verify” baseline.
To achieve this, Azure RBAC assigns permissions to users based on their roles in the infrastructure.
To further simplify the process, Microsoft has about 60 built-in roles in Azure Active Directory. However, if none of the existing roles meet your requirement, create custom roles.
Regarding role assignments, assigning roles to users via groups and not directly to users is the best practice. It is vital to mention that assigning roles to an Azure AD group requires making it role-assignable while creating it. Once you create a group, this setting cannot be modified.
You assign roles to a group from the group’s “Assigned roles” menu.
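The procedure above, as an added example that is not part of the original article, using the Microsoft Graph PowerShell SDK rather than the portal. It creates a role-assignable group, checks the flag before going further (since it cannot be changed after creation), assigns the built-in “User Administrator” role to the group, and lists the result. The group name, mail nickname and role name are assumptions; the script assumes the Microsoft.Graph module is installed and that the signed-in account may create role-assignable groups (Privileged Role Administrator).

```powershell
# Added example: assign an Azure AD role to a role-assignable group (Microsoft Graph PowerShell SDK).
# Assumes the Microsoft.Graph module is installed and the caller is a Privileged Role Administrator.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "RoleManagement.ReadWrite.Directory"

# Assumed values; change to your own naming convention.
$groupName = "SG-AzureAD-UserAdmins"
$roleName  = "User Administrator"

# IsAssignableToRole must be set at creation time; it cannot be changed afterwards.
# A role-assignable group must be a security group that is not mail-enabled.
$group = New-MgGroup -DisplayName $groupName `
    -MailEnabled:$false -MailNickname "sg-azuread-useradmins" `
    -SecurityEnabled:$true -IsAssignableToRole:$true

# Guard: stop if the flag is not set (for example, if an existing group was reused by mistake).
$group = Get-MgGroup -GroupId $group.Id -Property "id,displayName,isAssignableToRole"
if (-not $group.IsAssignableToRole) {
    throw "Group '$($group.DisplayName)' is not role-assignable; create a new group with -IsAssignableToRole."
}

# Look up the built-in role definition by display name.
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $roleDef) { throw "Role '$roleName' not found." }

# Assign the role to the group at tenant scope ("/"); members inherit it through the group.
$null = New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId $group.Id -RoleDefinitionId $roleDef.Id -DirectoryScopeId "/"

# Verify: list the group's assignments to confirm only the intended role is present.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($group.Id)'" |
    ForEach-Object {
        $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId
        [pscustomobject]@{ Group = $group.DisplayName; Role = $def.DisplayName; Scope = $_.DirectoryScopeId }
    }
```

Adding and removing members of the group is then the only day-to-day operation, and the audit log records who changed the membership rather than a scattered set of direct role assignments.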
2. Multifactor Authentication
The traditional username and password for authenticating a user is vulnerable to compromise. To reduce the risk of this classic single-factor authentication method, Azure offers multifactor authentication to protect cloud resources. This involves requiring additional authentication beyond usernames and passwords.
Specifically, IT admins configure Azure AD to require verification via SMS sent to a phone. Additionally, it may request further biometrics (fingerprint or face scan) verification from a user.
When Multifactor authentication is enabled by an Azure AD admin, users select these available verification methods when they access My Profile.
There are 2 options to enable MFA in Azure Active Directory. Firstly, by enabling security defaults.
To enable security defaults, sign in to portal.azure.com and open Azure Active Directory. After that, click Properties on the Manage menu, then click “Manage security defaults.”
Finally, to enable security defaults, select enable from the drop-down and save changes.
The second option is Conditional Access Policies. You cannot enable security defaults and use Conditional Access Policies simultaneously. Therefore, to use Conditional Access Policies, you must disable security defaults.
To use this second option, create a new Conditional Access policy. On the New Conditional Access policy page, give the policy a name. Then, configure the other aspects of the policy.
Click Grant on the “Access controls” section, and choose “Grant” on the flyout (this is the default). Finally, to enable MFA, check the “Require multifactor authentication” checkbox and click Select.
3. Azure AD Identity Protection
Identity Protection protects cloud resources and allows organizations to detect and remediate identity risks automatically. The tool also provides data needed for risk investigation.
There are 2 elements to achieve this. First, enabling the security policies that protect Azure AD identities.
To achieve this first objective, Azure AD “Identity Protection” offers 3 policies – the “user risk policy,” “sign-in risk policy,” and “Multifactor authentication registration policy.”
To enable a policy, click on it. Then configure the users the policy applies to by clicking Users in the Assignments section.
Next, select User risk tolerance, determine whether to block or grant access and require multifactor authentication.
When you finish, enable and save the policy.
Microsoft recommends creating user and sign-in risk policies using Conditional Access instead of the above methods.
4. Azure AD Conditional Access Policy
Conditional Access policies evaluate conditions (signals) to make decisions that enforce an organization’s security policies. It is essentially an “if,” “then” policy.
For example, if a user wants to access an application from a location, a policy may evaluate where the user is accessing Azure.
If the policy sets a location condition, it checks that the user meets it. Then, the policy denies or allows access, possibly with additional controls such as requiring MFA.
In practice, what I described earlier as “signals,” “decisions,” and “enforce” are divided into Assignments and “Access controls” in a Conditional Access Policy.
The Assignments section offers the option to control access based on who the policy applies to (users). Additionally, Conditional Access uses the “Cloud apps or actions” signal to determine which cloud apps or user actions trigger the policy.
There is also the option to control access based on a device’s state, its platform (OS, for example), or a user’s location.
Moreover, a Conditional Access policy has an Access controls section with configurations determining whether to grant or deny access and/or control access based on session conditions.
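The “if/then” structure described in this section, together with the MFA-via-Conditional-Access option from the Multifactor Authentication section and Microsoft’s recommendation to build risk policies as Conditional Access policies, as an added example that is not from the original article. It uses the Microsoft Graph PowerShell SDK to create two policies: one that requires MFA for any user, on any cloud app, outside trusted named locations, and one that requires MFA when Identity Protection rates a sign-in as medium or high risk. Both start in report-only mode so the effect can be checked in the sign-in logs before enforcement. The break-glass group id and policy names are assumptions.

```powershell
# Added example: create two Conditional Access policies with the Microsoft Graph PowerShell SDK.
# Policies start in report-only mode so sign-in logs show the effect before anything is enforced.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Assumed value: object id of an emergency-access ("break glass") group that every policy excludes.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

# Policy 1: the "if/then" from the article.
# IF any user signs in to any cloud app from outside trusted named locations,
# THEN grant access only with multifactor authentication.
$mfaPolicy = @{
    displayName   = "CA01 - Require MFA outside trusted locations"
    state         = "enabledForReportingButNotEnforced"   # change to "enabled" after review
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: Identity Protection sign-in risk expressed as a Conditional Access policy,
# the approach Microsoft recommends over the standalone risk policies.
# IF the sign-in is rated medium or high risk, THEN require MFA to proceed.
$riskPolicy = @{
    displayName   = "CA02 - Require MFA for medium or high sign-in risk"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users            = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications     = @{ includeApplications = @("All") }
        signInRiskLevels = @("medium", "high")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

foreach ($policy in @($mfaPolicy, $riskPolicy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    "{0,-55} state={1} id={2}" -f $created.DisplayName, $created.State, $created.Id
}

# Review every policy in the tenant and flag any that does not exclude the break-glass group;
# a policy that locks out the emergency account is a common self-inflicted outage.
Get-MgIdentityConditionalAccessPolicy | ForEach-Object {
    $excluded = $_.Conditions.Users.ExcludeGroups -contains $breakGlassGroupId
    [pscustomobject]@{ Policy = $_.DisplayName; State = $_.State; BreakGlassExcluded = $excluded }
}
```

A user-risk policy follows the same shape with `userRiskLevels` in place of `signInRiskLevels`; the portal’s “Require multifactor authentication” checkbox corresponds to the `mfa` entry in `builtInControls`.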
5. Azure AD Privileged Identity Management
Azure AD offers Privileged Identity Management (PIM), a security feature that allows granting and managing access to Azure resources. PIM limits privileged access to a specific period, after which the access expires.
Moreover, PIM incorporates an approval process, which forces accountability. For instance, a justification must be provided before an approver grants requested privileged access.
Additionally, Privileged Identity Management supports conducting access reviews to ensure that users granted privileged access still need it.
To learn how to set up PIM, read our article “Azure AD Privileged Identity Management: Manage & Monitor Privileged Accounts.”
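The time-bound, justified access this section describes, as an added example that is not from the original article or the linked guide. It uses the Microsoft Graph PowerShell SDK to make a role-assignable group eligible for a role through PIM (so members must activate it for a limited period) rather than assigning the role permanently, and then checks that no permanent assignment for the same role remains. The group id, role name, justification and one-year eligibility duration are assumptions; approval requirements and maximum activation time are configured in the role’s PIM settings and are not shown here.

```powershell
# Added example: grant *eligibility* for a role through PIM instead of a permanent assignment.
# Assumes the Microsoft.Graph module is installed and the caller is a Privileged Role Administrator.
Connect-MgGraph -Scopes "RoleEligibilitySchedule.ReadWrite.Directory", "RoleManagement.Read.Directory"

# Assumed values.
$groupId  = "<object id of a role-assignable group>"
$roleName = "User Administrator"

$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $roleDef) { throw "Role '$roleName' not found." }

# The eligibility itself expires after one year (ISO 8601 duration);
# the justification is stored with the request and appears in the audit log.
$request = @{
    action           = "adminAssign"
    justification    = "Tier-1 helpdesk staff need User Administrator on demand"   # assumed text
    principalId      = $groupId
    roleDefinitionId = $roleDef.Id
    directoryScopeId = "/"
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString("o")
        expiration    = @{ type = "afterDuration"; duration = "P365D" }
    }
}
$result = New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $request
"Eligibility request {0}: status={1}" -f $result.Id, $result.Status

# Check: an eligible group that is *also* permanently assigned bypasses PIM activation,
# approval and time limits, so warn if such an assignment exists.
$permanent = Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "principalId eq '$groupId' and roleDefinitionId eq '$($roleDef.Id)'"
if ($permanent) {
    Write-Warning "A permanent assignment also exists; remove it so that access goes through PIM activation."
}
```

Members of the group then activate the role when needed (which creates a role assignment schedule request with a justification), and the activation ends automatically when the configured duration expires.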
6. Azure AD Passwordless Authentication
Multifactor authentication introduces an additional layer of authentication for users. This does not necessarily produce the best user experience.
But what if there is a way to remove passwords and multifactor authentication and still secure an infrastructure? The good news is that this is achieved through passwordless authentication methods.
Azure Active Directory offers organizations three methods to avoid passwords (passwordless authentication) but keep their infrastructure secure.
These include Microsoft Authenticator, Windows Hello for Business, and FIDO2 security keys.
To enable the FIDO2 security key or Microsoft Authenticator passwordless authentication methods, search and open “Authentication methods” after signing in to portal.azure.com.
To deploy Windows Hello for Business, read its planning, deployment prerequisite, and cloud-only deployment guides.
Built-in Reporting Tools for Securing Azure AD Resources
The security features we discussed in the last section protect Azure AD against potential attacks. However, enabling the features is not enough to prevent cyberattacks.
After enabling the Azure AD security features and services, activity data (or logs) is required to evaluate the infrastructure’s security posture. Fortunately, Azure Active Directory provides various logs to help achieve this objective.
Check out configuring and using the various logs available in our article “How to Monitor Azure AD Activity for Improved Security.” It explains how to monitor audit and sign-in logs.
Also read “Analyze Azure AD Security Logs: Audit & Monitor Azure AD Activity,” to learn how to analyse the logs discussed in the first article.
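The kind of evaluation this section calls for, as an added example that is not from the original article or its companion articles. It runs three checks over sign-in log records in the shape Azure AD exports (the auditLogs/signIns fields): failed sign-ins grouped per user with the error codes and source addresses seen, successful sign-ins that no Conditional Access policy applied to, and successful sign-ins that Identity Protection rated medium or high risk. The records are constructed for the example; the error codes 50126 (invalid username or password) and 50053 (account locked) are real Azure AD codes, and the user names and addresses are made up.

```powershell
# Added example: triage Azure AD sign-in log records (auditLogs/signIns field names).
# The records below are constructed for the example; a real export has many more fields.
$signInsJson = @'
[
  {"createdDateTime":"2023-05-01T08:02:11Z","userPrincipalName":"alice@contoso.example","ipAddress":"203.0.113.10",
   "status":{"errorCode":0,"failureReason":"Other."},
   "conditionalAccessStatus":"success","riskLevelDuringSignIn":"none"},
  {"createdDateTime":"2023-05-01T08:05:40Z","userPrincipalName":"bob@contoso.example","ipAddress":"198.51.100.7",
   "status":{"errorCode":50126,"failureReason":"Error validating credentials due to invalid username or password."},
   "conditionalAccessStatus":"notApplied","riskLevelDuringSignIn":"none"},
  {"createdDateTime":"2023-05-01T08:05:52Z","userPrincipalName":"bob@contoso.example","ipAddress":"198.51.100.7",
   "status":{"errorCode":50126,"failureReason":"Error validating credentials due to invalid username or password."},
   "conditionalAccessStatus":"notApplied","riskLevelDuringSignIn":"none"},
  {"createdDateTime":"2023-05-01T08:06:03Z","userPrincipalName":"bob@contoso.example","ipAddress":"198.51.100.7",
   "status":{"errorCode":50053,"failureReason":"The account is locked."},
   "conditionalAccessStatus":"notApplied","riskLevelDuringSignIn":"none"},
  {"createdDateTime":"2023-05-01T09:15:27Z","userPrincipalName":"carol@contoso.example","ipAddress":"192.0.2.44",
   "status":{"errorCode":0,"failureReason":"Other."},
   "conditionalAccessStatus":"notApplied","riskLevelDuringSignIn":"none"},
  {"createdDateTime":"2023-05-01T11:41:09Z","userPrincipalName":"alice@contoso.example","ipAddress":"198.51.100.200",
   "status":{"errorCode":0,"failureReason":"Other."},
   "conditionalAccessStatus":"success","riskLevelDuringSignIn":"high"}
]
'@
$signIns = $signInsJson | ConvertFrom-Json

# 1. Failed sign-ins per user. Many 50126 results from one address in a short window
#    followed by 50053 is the pattern a lockout policy produces under password guessing.
"== Failed sign-ins per user =="
$signIns | Where-Object { $_.status.errorCode -ne 0 } |
    Group-Object userPrincipalName |
    ForEach-Object {
        [pscustomobject]@{
            User     = $_.Name
            Failures = $_.Count
            Errors   = ($_.Group.status.errorCode | Sort-Object -Unique) -join ","
            Sources  = ($_.Group.ipAddress | Sort-Object -Unique) -join ","
        }
    } | Sort-Object Failures -Descending | Format-Table -AutoSize

# 2. Successful sign-ins no Conditional Access policy covered: a gap in MFA enforcement
#    (for example, an app or user missing from every policy's assignments).
"== Successful sign-ins with no Conditional Access policy applied =="
$signIns | Where-Object { $_.status.errorCode -eq 0 -and $_.conditionalAccessStatus -eq "notApplied" } |
    Select-Object createdDateTime, userPrincipalName, ipAddress | Format-Table -AutoSize

# 3. Successful sign-ins that Identity Protection rated medium or high risk; these are the
#    events a risk-based Conditional Access policy should have challenged or blocked.
"== Successful sign-ins rated medium or high risk =="
$signIns | Where-Object { $_.status.errorCode -eq 0 -and $_.riskLevelDuringSignIn -in @("medium", "high") } |
    Select-Object createdDateTime, userPrincipalName, ipAddress, riskLevelDuringSignIn | Format-Table -AutoSize
```

Replace the here-string with the JSON saved from the portal’s sign-in log download or from the Graph sign-ins endpoint and the same three checks apply unchanged; on the constructed data the first check reports three failures for bob, the second lists carol’s sign-in, and the third lists alice’s high-risk sign-in.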
How InfraSOS Reporting and Auditing Tool Secures Your Azure AD Resources
We have discussed various Azure AD security tools and resources. Additionally, we explored built-in reporting tools that provide data to make security decisions.
While these logs are great for assessing and detecting essential security vulnerabilities, they lack some details the third-party reporting tools provide.
In this section, we explore how our own InfraSOS Azure AD monitoring and reporting tools provide robust information for making security decisions.
1. InfraSOS Azure AD Monitoring and Reporting Tools
The InfraSOS Azure AD monitoring and reporting solution makes it easy to reduce the attack surface of your Azure Active Directory and Microsoft 365 infrastructure. It achieves this through several in-depth Azure AD reports.
InfraSOS provides customizable Azure AD activity reports. These include Azure AD Auditing and Sign-ins logs.
Specifically, the InfraSOS Azure AD reports provide information like which admin added or modified a user or group and how many times admins reset passwords in the past 24 hours. Similarly, with the InfraSOS Azure AD Sign-ins logs, you determine which users signed in within a specified date range, whether the sign-ins succeeded or failed, and why.
Beyond viewing the reports, our tool allows you to schedule them to run and send you the results via email. Moreover, it allows exporting reports in CSV, PDF, XLSX, CSVDE, or HTML format.
To learn more about all the features, visit the InfraSOS Azure AD monitoring and reporting tools page.
2. InfraSOS Office 365 Monitoring and Reporting Tools
InfraSOS also offers Office 365 monitoring and reporting tools. This SaaS tool gives you all you need to audit and analyse Microsoft 365 users, groups, and licenses and track multifactor authentication.
With our Office 365 monitoring tools, organizations run reports on blocked Azure AD user accounts, get historical login information for a user, and find users that have never changed their passwords.
Sign up for free to learn how the InfraSOS Office 365 monitoring and reporting tools improve the security of your Azure AD resources.
Conclusion
Azure Active Directory has various built-in tools organizations require to secure their cloud identity infrastructure. In this article, we highlighted the features of six of these tools.
Specifically, the article explained Azure AD Role-based Access Control (RBAC), multifactor authentication, and Identity Protection. Additionally, we discussed Azure AD Conditional Access Policy, Privileged Identity Management (PIM), and Passwordless Authentication.
We also discussed how InfraSOS Azure AD and Office 365 monitoring and reporting tools offer robust data that help organizations strengthen the security of their Azure AD infrastructure.