Author: SLCITPro

(Azure) Limit Device Domain Joining Azure AD to Administrators

Login to Azure or Launch Azure portal.

Head over to Azure Active Directory.

Select Devices.

Device Settings.

Set it to selected users.

Require Multi Factor Auth if you have set this up.

Note*

Users may register devices with Azure AD is required for 365 registration and Microsoft Intune enrollment. If you have configured these the setting will be unavailable to change.

There is another setting below that lets you selected maximum amount of devices joined per user or unlimited.

{ Add a Comment }

(Azure) Block Foreign Signins

This rule will help secure your environment from foreign countries that your business does not operate in.

Create a Conditional Access policy.
Under locations, specify which countries you operate in.
Check the box for “Include unknown areas”. The reason for this is that Microsoft does not detect the location from IPv6 (yet) so this will allow them. Attacks carried out via IPv6 are much more rare. In “Named Locations” you can opt into the preview which allows you to whitelist IPv6 ranges. You would likely have to contact your company’s mobile provider for their ranges if you use this.
Under policy rules, set access controls to “Block”, Include all, Exclude your locations.

When team members travel out of country, have them notify IT so you can create an exclusion under “Users and groups”.

{ Add a Comment }

(M365) Disabling Forwarding Rules to Outside Domains

This rule will help with email compromises which export email data to an external source or a company policy that enforces DLP.

Create a new rule in the Exchange admin center.
Add a bounce back message so that users will know right away if they have been compromised in this fashion or to notify that they are not allowed to funnel email to another source.

{ Add a Comment }

(M365) Add Warning to Emails Received From Outside

Creating this rule will help bring visibility phishing attempts that impersonate another person in your organization.

Go into the Exchange admin center and create a new rule.
Add an exception with your disclaimer text so that the warning message isn’t duplicated on subsequent emails.

{ Add a Comment }