Our Microsoft partner, SYNNEX, compiled the following guidelines established by Microsoft to ensure the highest level of security. Below, they provide guidelines for preventing and responding to security incidents, with links to the related Microsoft article for each recommended action.
Below are recommended best practices for use at all times. Follow these steps in this priority order.
- Use Identity Isolation to limit exposure of credentials
- Enable MFA on all user scenarios
- Store secrets in approved locations (ex: Key Vault)
- Enable auditing for access to important resources
- Use minimal required permission level
- Perform a periodic review of Activity Audit logs, checking for:
  - Were new groups and/or accounts provisioned?
  - Is the set of privileged users correct?
  - Has the set of users/applications for the Admin Agent group changed?
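The three audit-log review questions above can be answered mechanically from a batch of directory audit entries. The following is an added example, not SYNNEX or Microsoft code; it replays constructed sample entries in a simplified Microsoft Graph directoryAudit shape (the activity names, the `AdminAgents` group name and the field layout are assumptions) against an expected baseline and reports provisioning and drift.

```python
# Constructed sample entries in a simplified Microsoft Graph directoryAudit shape
# (activityDisplayName, targetResources); not real tenant data.
SAMPLE_AUDIT_LOG = [
    {"activityDisplayName": "Add user",
     "targetResources": [{"type": "User", "userPrincipalName": "new.hire@contoso.example"}]},
    {"activityDisplayName": "Add group",
     "targetResources": [{"type": "Group", "displayName": "Finance-Readers"}]},
    {"activityDisplayName": "Add member to group",
     "targetResources": [{"type": "User", "userPrincipalName": "new.hire@contoso.example"},
                         {"type": "Group", "displayName": "AdminAgents"}]},
    {"activityDisplayName": "Add member to role",
     "targetResources": [{"type": "User", "userPrincipalName": "new.hire@contoso.example"},
                         {"type": "Role", "displayName": "Global Administrator"}]},
]

def _targets(entry, kind):
    """Names of the entry's target resources of one type (User, Group, Role, ...)."""
    return [t.get("userPrincipalName") or t.get("displayName")
            for t in entry["targetResources"] if t.get("type") == kind]

def review_audit_log(entries, expected_privileged, expected_admin_agents,
                     admin_agent_group="AdminAgents"):
    """Answer the periodic-review questions for one batch of audit entries: newly
    provisioned accounts/groups, drift in the privileged set, drift in Admin Agents."""
    new_accounts, new_groups = [], []
    privileged, admin_agents = set(expected_privileged), set(expected_admin_agents)
    for e in entries:
        action = e["activityDisplayName"]
        # Users and service principals are both identities worth tracking.
        principals = _targets(e, "User") + _targets(e, "ServicePrincipal")
        if action in ("Add user", "Add service principal"):
            new_accounts += principals
        elif action == "Add group":
            new_groups += _targets(e, "Group")
        elif action == "Add member to role":
            privileged.update(principals)
        elif action == "Remove member from role":
            privileged.difference_update(principals)
        elif admin_agent_group in _targets(e, "Group"):
            if action == "Add member to group":
                admin_agents.update(principals)
            elif action == "Remove member from group":
                admin_agents.difference_update(principals)
    # Anything not in the baseline is a finding for the reviewer to confirm or revoke.
    return {"new_accounts": new_accounts, "new_groups": new_groups,
            "privileged_added": sorted(privileged - set(expected_privileged)),
            "privileged_removed": sorted(set(expected_privileged) - privileged),
            "admin_agent_added": sorted(admin_agents - set(expected_admin_agents)),
            "admin_agent_removed": sorted(set(expected_admin_agents) - admin_agents)}
```

In a real tenant the entries would come from the directory audit log export rather than the embedded sample, and the baseline sets from the last approved review.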
In the event of any suspected security incident, the following steps should be taken to ensure full security in the tenant. Follow these steps, in this order:
- Perform an inventory of all credentials (including keys and service principals).
- As a best practice and to prevent compromise, ensure MFA is enabled for all privileged user accounts. If MFA is already in use, expire all MFA tokens to force re-authentication.
- Review all constituents of the Admin Agent group and ensure there aren’t any accounts (users/service-principals) that should not be there.
- Perform an inventory of application registrations.
- Retire all refresh tokens used for API integration.