Best practice rules for Microsoft Entra ID
- Check for Microsoft Entra ID Guest Users
Ensure there are no Microsoft Entra ID guest users if they aren't needed.
- Enable "All Users" Group
Ensure that the "All Users" group is enabled for centralized access management within your Microsoft Entra ID account.
- Enable Security Defaults
Ensure that Security Defaults is enabled for Microsoft Entra ID.
- Guest User Permissions Are Limited
Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored).
- Guests Can Invite
Ensure that 'Guests can invite' is set to 'No' (Not Scored).
- Members Can Invite
Ensure that 'Members can invite' is set to 'No' (Not Scored).
- Multi-factor Authentication For All Non-privileged Users
Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored).
- Multi-factor Authentication For All Privileged Users
Ensure that multi-factor authentication is enabled for all privileged users (Not Scored).
- Multi-factor Authentication On Devices
Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored).
- Notify All Admins When Other Admins Reset Their Password
Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored).
- Notify Users On Password Resets
Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored).
- Number Of Days Before Authentication Information Re-confirmation
Ensure that 'Number of days before users are asked to re-confirm their authentication information' isn't set to '0' (Not Scored).
- Number Of Methods Required To Reset Password
Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored).
- Require Multi-Factor Auth To Join Devices
Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored).
- Restrict Access To Microsoft Entra ID Administration Portal
Ensure that 'Restrict access to Microsoft Entra ID administration portal' is set to 'Yes' (Not Scored).
- Restrict User Access to Microsoft Entra Group Features in Azure Access Panel
Ensure that the 'Restrict user ability to access groups features in the Access Panel' setting is set to 'Yes' (Not Scored).
- Self-service Group Management Enabled
Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored).
- Users Can Add Gallery Apps To Their Access Panel
Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored).
- Users Can Consent To Apps Accessing Company Data On Their Behalf
Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored).
- Users Can Create Office 365 Groups
Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored).
- Users Can Create Security Groups
Ensure that 'Users can create security groups' is set to 'No' (Not Scored).
- Users Can Register Applications
Ensure that 'Users can register applications' is set to 'No' (Not Scored).
- Users Who Can Manage Office 365 Groups
Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored).
- Users Who Can Manage Security Groups
Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored).