Finding Holes in Conditional Access Policies
0 likes176 views
The document discusses common misconfigurations in cloud access policies, highlighting the importance of Multi-Factor Authentication (MFA) for various administrative roles. It emphasizes the need for regular maintenance to avoid policy gaps due to overlapping IP spaces and complex conditions. Additionally, it provides resources for reviewing and optimizing cloud access policies.
Finding Holes in Conditional Access Policies
- 1. ACCESS POLICIES FINDING HOLES IN CONDITIONAL Cloud Village - DC32
- 2. WHOAMI BRANDON COLLEY @TECHBRANDON FOUNDER - BNR CONSULTING SERVICE LEAD & SENIOR SECURITY CONSULTANT - TRIMARC
- 3. Common misconfigurations Why they matter What you can do about it
- 4. LARGE NUMBER OF POLICIES 17 REPLIES High/Low: 16 - 120 Average: 57.7
- 7. REQUIRE MFA FOR ADMINS 14 ROLES BY DEFAULT Global Administrator Security Administrator SharePoint Administrator Exchange Administrator Conditional Access Administrator Helpdesk Administrator Billing Administrator User Administrator Authentication Administrator Application Administrator Cloud Application Administrator Password Administrator Privileged Authentication Administrator Privileged Role Administrator
- 8. REQUIRE MFA FOR ADMINS 14 ROLES BY DEFAULT Global Administrator Security Administrator SharePoint Administrator Exchange Administrator Conditional Access Administrator Helpdesk Administrator Billing Administrator User Administrator Authentication Administrator Application Administrator Cloud Application Administrator Password Administrator Privileged Authentication Administrator Privileged Role Administrator ADD AT LEAST: Authentication Policy Administrator Directory Writers External Identity Provider Administrator Hybrid Identity Administrator Identity Governance Administrator Intune Administrator License Administrator Partner Tier 1 Support Partner Tier 2 Support
- 10. NAMED LOCATIONS SUBNETS!!! Regular maintenance Narrow scopes Overlapping IP space
- 16. BUILT IN TOOLS
- 17. IDPOWERTOYS
- 18. IDPOWERTOYS
- 19. IDPOWERTOYS
- 20. MAESTER.DEV
- 21. MAESTER.DEV
- 22. MAESTER.DEV
- 24. INVOKE-CAPREVIEW
- 25. INVOKE-CAPREVIEW
- 28. WRITE YOUR TOPIC OR IDEA ADD A MAIN POINT Briefly elaborate on what you want to discuss. ADD A MAIN POINT Briefly elaborate on what you want to discuss. ADD A MAIN POINT Briefly elaborate on what you want to discuss. Back to Agenda Page
- 29. Back to Agenda Page WRITE YOUR TOPIC OR IDEA Briefly elaborate on what you want to discuss.
- 30. Write a column name Write a column name Write a column name Write a column name Write a column name WRITE YOUR TOPIC OR IDEA Back to Agenda Page
- 31. Item 1 20% Item 2 20% Item 3 20% Item 4 20% Item 5 20% WRITE YOUR TOPIC OR IDEA Briefly elaborate on what you want to discuss. Back to Agenda Page
- 32. WHITEBOARD PAGE Write a note here Write a note here Copy a note, drag to the board, and write your ideas. Copy a note, drag to the board, and write your ideas. Tip: Collaboration makes teamwork easier! Click "Share" and invite your teammates to fill this up. Use this page for bulletins, brainstorms, and other fun team ideas. Right-click on the background of the slide, or on the thumbnail below, for the option to expand this page into a whiteboard for more space.
- 33. Brainstorm better! Set a time limit for yourself for a more focused brainstorming session. Tip: Collaboration makes teamwork easier! Click "Share" and invite your teammates to fill this up. Use this page for bulletins, brainstorms, and other fun team ideas. Right-click on the background of the slide, or on the thumbnail below, for the option to expand this page into a whiteboard for more space. Add a main topic Add a related idea Add a related idea Add a related idea Add a related idea Add more sub-ideas Add more sub-ideas Add even more sub-ideas Add even more sub-ideas Add more sub-ideas Add more sub-ideas Add even more sub-ideas Add even more sub-ideas
- 34. RESOURCE PAGE Use these design resources in your Canva Presentation. Happy designing! Don't forget to delete or hide this page before presenting.
- 35. RESOURCE PAGE Use these design resources in your Canva Presentation. Happy designing! Don't forget to delete or hide this page before presenting.
- 36. B for blur C for confetti D for a drumroll M for mic drop O for bubbles Q for quiet U for unveil Any number from 0-9 for a timer RESOURCE PAGE Find the magic and fun in presenting with Canva Presentations. Press the following keys while on Present mode! Delete or hide this page before presenting.