Miscrosoft Active Directory best practices
Cloud Conformity monitors Active Directory following the following rules:
Ensure that security groups can be created only by Active Directory (AD) administrators.
Ensure that Office 365 groups can be managed only by Active Directory (AD) administrators.
Ensure that security groups can be managed only by Active Directory (AD) administrators.
Ensure there are no Microsoft Azure Active Directory guest users if they are not needed.
Do not allow users to remember Multi-Factor Authentication (MFA) on their devices and browsers.
Ensure that Active Directory (AD) self-service group management is disabled for non-administrator users.
Ensure that "All Users" group is enabled for centralized access management within your Active Directory account.
Ensure that user authentication information reconfirmation is enabled within Active Directory password reset policy.
Ensure that the number of methods required for user password reset is set to 2 (two).
Ensure that Multi-Factor Authentication feature is enabled for all non-privileged users.
Ensure that Multi-Factor Authentication (MFA) is enabled for all privileged Azure users
Ensure that Microsoft Azure Active Directory (AD) admins are notified on password resets.
Ensure that Microsoft Azure Active Directory (AD) users are notified on password resets.
Require Active Directory administrators to provide consent for applications before use.
Ensure that Active Directory (AD) guest users permissions are limited.
Ensure that joining devices to Active Directory requires Multi-Factor Authentication.
Ensure that Active Directory users are not allowed to add applications to Azure Access Panel.
Ensure that non-privileged users are not allowed to register third-party applications.
Ensure that guest users cannot invite other guests to collaborate with your organization.
Ensure that only Active Directory administrators can invite guests to your directory.
Ensure that non-administrator users are not allowed to access Active Directory administration portal.
Ensure that Office 365 groups can be created only by Active Directory (AD) administrators.