Tomorrow I will host a webinar about Windows 10 Autopilot.
I will talk about what Windows 10 Autopilot is, and how you can use this feature in your organization.
Join the Windows 10 Autopilot Webinar on Skype, tomorrow (Wednesday June 13) at 19:00 to 20:30
Microsoft is helping us protecting our global admins in the organizations with a new set of baseline protection policies.
Baseline protection is a set of predefined conditional access policies. The goal of these policies is to ensure that you have at least the baseline level of security enabled in all editions of Azure AD.
The first baseline protection policy that Microsoft has release is “Baseline policy: Require MFA for admins (Preview)”, which in the near future will enforce MFA on services admins in your tenant.
Users with access to privileged accounts have unrestricted access to your environment. Due to the power these accounts have, you should treat them with special care. One common method to improve the protection of privileged accounts is to require a stronger form of account verification when they are used to sign-in. In Azure Active Directory, you can get a stronger account verification by requiring multi-factor authentication (MFA).
Require MFA for admins is a baseline policy that requires MFA for the following directory roles:
- Global administrator
- SharePoint administrator
- Exchange administrator
- Conditional access administrator
- Security administrator
This baseline policy provides you with the option to exclude users and groups. You might want to exclude one emergency-access administrative account to ensure you are not locked out of the tenant.
Right now the policy isn’t enforce and it will automatically be enabled in the future, but you can change the setting and start using the policy right now.
Remember to join my webinar June 13, where I’m talking about Windows 10 Autopilot.
Join the Windows 10 Autopilot Webinar on Skype, Wednesday June 13 at 19:00 to 20:30