Microsoft Entra ID best practices

Best practice rules for Microsoft Entra ID

Trend Micro Cloud One™ – Conformity monitors Microsoft Entra ID with the following rules:

• Check for Microsoft Entra ID Guest Users

  Ensure there are no Microsoft Entra ID guest users if they aren't needed.

• Enable "All Users" Group

  Ensure that "All Users" group is enabled for centralized access management within your Microsoft Entra ID account.

• Enable Security Defaults

  Ensure that Security Defaults is enabled for Microsoft Entra ID.

• Guest User Permissions Are Limited

  Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored).

• Guests Can Invite

  Ensure that 'Guests can invite' is set to 'No' (Not Scored).

• Members Can Invite

  Ensure that 'Members can invite' is set to 'No' (Not Scored).

• Multi-factor Authentication For All Non-privileged Users

  Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored).

• Multi-factor Authentication For All Privileged Users

  Ensure that multi-factor authentication is enabled for all privileged users (Not Scored).

• Multi-factor Authentication On Devices

  Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)

• Notify All Admins When Other Admins Reset Their Password

  Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored).

• Notify Users On Password Resets

  Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored).

• Number Of Days Before Authentication Information Re-confirmation

  Ensure that 'Number of days before users are asked to re-confirm their authentication information' isn't set to '0' (Not Scored).

• Number Of Methods Required To Reset Password

  Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored).

• Require Multi-Factor Auth To Join Devices

  Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored).

• Restrict Access To Microsoft Entra ID Administration Portal

  Ensure that 'Restrict access to Microsoft Entra ID administration portal' is set to 'Yes' (Not Scored).

• Restrict User Access to Microsoft Entra Group Features in Azure Access Panel

  Ensure that the 'Restrict user ability to access groups features in the Access Panel' setting is set to 'Yes' (Not Scored).

• Self-service Group Management Enabled

  Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored)

• Users Can Add Gallery Apps To Their Access Panel

  Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored).

• Users Can Consent To Apps Accessing Company Data On Their Behalf

  Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored).

• Users Can Create Office 365 Groups

  Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored).

• Users Can Create Security Groups

  Ensure that 'Users can create security groups' is set to 'No' (Not Scored).

• Users Can Register Applications

  Ensure that 'Users can register applications' is set to 'No' (Not Scored).

• Users Who Can Manage Office 365 Groups

  Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored).

• Users Who Can Manage Security Groups

  Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored).