Microsoft Entra is the company's business and enterprise service that offers secure ways for a company to set up its digital sign-up and identity system for its employees. Today, Microsoft announced a couple of new Entra developments designed to help monitor its security and safety.
As mentioned in the official Microsoft Entra blog, one of the new developments is that more Microsoft Entra Recommendations have been added, either as public previews or in general availability. Entra Recommendations are run every day to inform company IT members if they need to take action on certain issues.
The new Entra Recommendations include:
- Remove unused credentials from applications
- Renew expiring service principal credentials
- Renew expiring application credentials
- Remove unused applications
In addition, there are two more new Entra Recommendations that relate to the Azure AD Graph service, which was announced as deprecated in 2020 and is currently in its retirement cycle. One alerts IT workers to migrate apps from Azure AD Graph to Microsoft Graph, and the other alerts them to migrate service principals that have recently accessed Azure AD Graph APIs to Microsoft Graph.
Microsoft has also added some new improvements to Entra Recommendations' Identity Secure Score, which gives a percentage showing how closely a tenant's configuration aligns with Microsoft's own recommendations. Microsoft has added a new Secure Score recommendation that's available now in public preview:
Protect your tenant with Insider Risk policy: Implementing a Conditional Access policy that blocks access to resources for high-risk internal users is of high priority due to its critical role in proactively enhancing security, mitigating insider threats, and safeguarding sensitive data in real-time.
Microsoft also has a number of other Entra Recommendations related to Secure Score:
- Enable password hash sync if hybrid
- Protect all users with a user risk policy
- Protect all users with a sign-in risk policy
- Use least privileged administrative roles
- Require multifactor authentication for administrative roles
- Ensure all users can complete MFA
- Enable policy to block legacy authentication
- Designate more than one Global Admin
- Do not expire passwords
- Enable self-service password reset
- Do not allow users to grant consent to unreliable applications
Microsoft concluded the blog post by stating that sometime in the future, Entra Recommendations will include email notifications that announce when new recommendations are available.