Microsoft Entra ID is a cloud-based identity and access management solution. While this solution has many features already, Microsoft has recently announced new Entra recommendations that provide actionable steps to mitigate security risks. We explain more in this article.
Learn from Microsoft’s best practices
Managing the myriad settings and resources within your tenant can be daunting. Which is why Microsoft has introduced the Microsoft Entra recommendations feature which enables customers to track all settings and resources within their organisation. This feature simplifies the monitoring of the tenant’s status, ensuring it remains secure and healthy. Here are just some of the new and upcoming recommendations to help improve the health and security of your applications.
Remove unused credentials from applications
The first new Microsoft Entra recommendation enables administrators to remove any unused credentials from applications. An application credential refers to a piece of information used by an application to authenticate itself when interacting with other apps or services. This new recommendation helps to prevent any unauthorised access to sensitive resources in case an application’s credential is compromised and enhances the overall security posture of the system.
Renew expiring service principal credentials
The second Entra recommendation highlights expiring application and service principal credentials to minimise the risk of downtime.
Remove unused applications
Another new recommendation focuses on removing unused applications to mitigate the potential for hackers to compromise sensitive corporate data.
Migrate applications from the retiring Azure AD Graph APIs to Microsoft Graph
Microsoft has also introduced a new recommendation to identify applications and service principals that have recently utilised Azure AD Graph APIs. Microsoft announced its plans to phase out the Azure AD Graph service in 2020, advising users to transition service principals to Microsoft Graph.
You can find these recommendations that are in general availability on the Microsoft Entra recommendations portal by looking for “Generally Available” under the column titled “Release Type” as shown below.
Changes to Identity Secure Score
If you’re unfamiliar with Microsoft’s Identity Secure Score, this is a security analytics tool that measures your organisation’s identity security posture. Firstly, it represents the effectiveness of your organisation’s security controls for Identity Access Management in Azure AD. Additionally the score calculates your organisation’s usage of recommended security controls and compares it against a baseline score. Microsoft determines the baseline score based on a set of common security practices recommended by them.
Microsoft has unveiled upcoming updates for Identity Secure Score. Among these updates is a new Secure Score recommendation aimed at helping organisations protect against insider risks. It allows the implementation of a Conditional Access policy to restrict access to corporate resources for high-risk internal users.
In addition to the new Secure Score recommendation, there are several other recommendations related to Secure Score that you can find via the official Microsoft announcement here. If you’d like to find out more about any of the points in this article or would like more information on keeping your data secure, contact our team who can help.
