Password Management (part 1)

By Ashwin Venugopal -

 



To read part 2, please click here
To read part 3, please click here







Password Policies & Authentication

However, Microsoft 365 provides secure access by asking users to sign in with a password, you have to perform various tasks to manage them for your organization's users which may include changing passwords, setting password expiration, resetting passwords, etc.

Setting Password Expiration

This policy can be changed with the help of following steps:
  1. Select the Security & Privacy tab on the Settings menu in the Microsoft 365 admin center.
  2. Now select the Password Expiration Policy in the tab.
  3. Select "Set user passwords to expire after a number of days" and specify the number of days between 14 and 730 for password expiration.
  4. The number of days should be between 1 and 30 for the notification warning of password expiration.
  5. Finally, save your settings.

If a user is not able change his or her password before the expiration time has elapsed, they can either change it with the help of Password update page which always appears the next time they sign in or you can reset their password for them. Whereas, to disable a password expiration for single users using PowerShell, you can use the Set-MSolUser cmdlet with the -PasswordNeverExpires parameter.

Resetting User Passwords

The Active users page will help you to reset a password for one or more users by assigning a new randomly-generated password or a password of your choice and you can also select whether users want to change their password at their next sign in.

Resetting Admin Passwords

If you forget your own administrator password, you can opt for following options:

  • Ask another administrator to reset it for you- Here, the other administrator should be a global admin, a user management admin, or a password admin and if your account is a global admin one, then you can easily get another administrator with a global admin account to reset it for you.

  • Reset the password yourself- You can use the Can't access your account? link present on the sign-in page of Microsoft 365 to reset your password and if you follow the instructions given by the link, you will be sent an email with a link allowing you to reset your password.    

Note- The entire admin password reset process must be completed within 10 minutes if you are resetting the password for yourself, else you have to start the process all over again. 

Multi-factor Authentication

Multi-factor authentication provides secure access to data and applications and requires two or more than the following authentication methods:

  1. Something you know (typically a password)
  2. Something you have (a trusted device that's not easily duplicated, like a smart device or a badge)
  3. Something you are (fingerprints, iris/retina scan, facial recognition) 

Require MFA

As MFA provides an extra layer of security and is managed from the security center, it also contains the following subset of MFA authentication capabilities:

  • Use mobile apps (online and one-time password) as a second authentication factor
  • Use a phone call as a second authentication factor

Some methods to enforce MFA are:

  • Require users to authenticate their smartphone, laptop, or other devices with MFA before registering with Intune to access your network.
  • Monitor the health of your user accounts with Azure AD, and requires users to reset their password, re-register for MFA, or revoke existing MFA sessions from their user objects whenever needed.

The MFA can enabled in the Microsoft 365 admin center with the help of following steps:

  1. Select Users and then Active Users in the admin center.
  2. Select multi-factor authentication in the Active Users section.
  3. On the MFA page, you can either select a user(s) to enable this for one user(s) or select Bulk update to enable multiple users with a CSV file. 
  4. Select Enable under quick steps.
  5. Now click enable multi-factor auth in the pop-up window. 

After successfully enabling users for MFA, the following options can be used as the second authentication factor:

  • Call to phone-Users will receive a phone call with instructions for users to press the pound key after which the users are signed in. 

  • Text message to phone- Users will receive a text message containing a six-digit code that they must enter into the Microsoft 365 portal.

  • Notification through mobile app- Users will configure a smartphone app that will receive a notification that users should confirm to sign in to Microsoft 365 and available for Windows phone, iPhone, and Android devices.  

  • Verification code from mobile app- Users can configure a smartphone app and enter a six-digit code from the app into the portal. 








To read part 2, please click here
To read part 3, please click here












Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Project Resourcing (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here Engineering - SIEM The SIEM engineers configures Microsoft Sentinel, including Log Analytics, Logic Apps, workbooks, and playbooks. They are also responsible for the following high-level tasks: Initial configuration of Azure tenant, including provisioning required resources, assigning access roles, and configuring workspace parameters like log retention, resource tagging, and blueprints.  Deployment and configuration of syslog/CEF log collection agents in appropriate locations to collect logs from on-premises devices. Generally, it will be joint effort of both system engineer and SIEM engineer, involving configuration and potential troubleshooting.  Working with system owners to enable log forwarding and configuring any required parsing of log data in Log Analytics.  Working with security operations to create and deploy KQL analytic rules to offer detections for SOC/Computer Security Incident Response Team (CSRIT) use. Tuning...
Read more