You are about to run out of the office to enjoy the first long weekend in August and cybersecurity is the farthest thing from your mind. Attitude IT wants you to be able to really switch off and enjoy the next few days. To better prepare you from being away form the office and not being connected to a device here are some tips to improve your security and stop any unwanted hackers.
Create Admin Roles
Within the Microsoft 365 tenant it comes with a set of roles that you can assign to users within your organization. This allows your organization to set specific permissions for users on your team that match their roles in the organization. For the full list of detailed Microsoft Entra role descriptions you can manage in the Microsoft 365 admin center, check out Administrator role permissions in Microsoft Entra built-in roles.
Administrators will have access to sensitive information limit the number of global admins you assign; A privileged global admin should also be assigned in order to assist if a global admin accidently gets locked out of their account. Assign roles that make sense for the employee, only give them permissions that make sense for the amount of access they should have to do their job.
Enforce Multifactor Authentication
It is important to enforce MFA for all users but especially for Admin Roles. This allows for a second method of identification while signing in. This will also alert users of attempted breaches as well if they see an authentication request pop up on their device. Installing Microsoft Authenticator to manage your accounts is very useful and make sure each user is setting up MFA on their own device. Do not use shared log ins or shared cellphones for multiple users. That way if a users password gets compromised the hacker still needs access to the authentication device to gain access. When setting up MFA users will also have an alternative email and phone number to recover their password. With each user having management of their own MFA device this helps to secure their account.
Common Admin Roles in Microsoft
The most common roles one might assign in an organization include: Billing Admin, Assign the Billing admin role to users who make purchases, manage subscriptions and service requests, and monitor service health. This role also might manage Azure tickets and portal and manage any billing.
Exchange Admin:
Assign the Exchange admin role to users who need to view and manage your user's email mailboxes and can recover deleted emails. This role you may want to set up as to someone who is very stable within the company especially if you experience areas of high turn over. To help manage and delete in active accounts.
Global Admin:
Be careful not to assign to many users to this role they can re set passwords for all users, add and manage domain, unblock other global admins The person that signs up for Microsoft will automatically be a global admin and then can assign others to this role.
Group Admin:
Assign the groups admin role to users who need to manage all groups settings across admin centers, including the Microsoft 365 admin center and Microsoft Entra admin center. Can delete, edit and restore groups, can create, edit and restore policies and Microsoft Entra Groups.
Teams Administrator:
Assign the Teams administrator role to users who need to access and manage the Teams admin center. They can manage meetings, manage conference bridges and manage all org-wide settings, including federation, teams upgrade, and team’s client settings.
If you are working with a Microsoft partner or IT Team, they should be able to manage these roles for you but you may want to provide a guideline of who should have most privilege access. By setting up admin roles you business is applying the best practice of least privilege only allowing those with the specific job to view and manage sensitive company information. You can also access admin reports to verify, document and asses security.
For more support on managing these roles we hope you reach out to set up a consultation with our team! Have a great long weekend, from the Attitude IT Team.
-1.svg "Attitude IT: Keeping Your Technology on Course")