Cybersecurity Expert Reacts To M365 Defaults [Detailed Breakdown]

  • Published 23 Dec 2024

COMMENTS • 5

  • @elementdude814 9 days ago +1

    Great video Ru! Thank you for going through out-of-the-box security defaults.

  • @ikazimirs 10 days ago +2

    Great video Ru - while secure by default is a great concept it will always be contextual. What I would really like to see is an onboarding permissions run-through rather than have defaults at all. Don't let someone create a tenant until they review and set a default of their own before the tenant spins up. I know easy create is great, but if an admin/user was asked to provide a bunch of config before tenant creation in the form of some sort of submission form or flow-through window - a) they would be aware of what the current setting is and that it exists in the first place and b) they might consider looking for advice to get it secure from the get-go.

  • @chrisrossneely 10 days ago +2

    Default tenant config needs to span from Azure Free all the way through to E5, hence favouring Security Defaults rather than CA, and as you said, they aren’t compatible. I agree though, I’d much rather see MFA for all users, MFA for Admins and block Legacy Auth called out as specific Conditional Access Policies if your licensing supported it.
    Email authentication - from memory - is only available for Self Service Password Reset, not as an MFA challenge (even though it’s listed in Auth Methods). I could be wrong, that mightn’t be the default.
    Great content. Keep it up!

    • @rucam365 10 days ago +2

      Correct, agree, and thanks! Though I don’t like email for SSPR either as you can’t verify the security of the unmanaged mailbox. But, accept the trade-off can be worth it (e.g. coupled with other methods enforced during reset).
      IMO, CA, or at least some conditions and controls, should trickle down to Entra ID Free. As time goes and what’s considered adequate security does too, that’s my hope (won’t bet the farm on it though).

  • @0xcalmaf976 10 days ago

    Magneto relogin please