• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Enforce MFA for SharePoint Online Sites with Conditional Access Policies

December 28, 2020
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Sunday, February 28, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home Tech Apps

Enforce MFA for SharePoint Online Sites with Conditional Access Policies

by AZURE SECURITY NEWS EDITOR
December 28, 2020
in Apps
0
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions
491
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Securing Confidential SharePoint Online Data

SharePoint Online sites hold some very confidential information. Now that SharePoint Online supports sensitivity labels, you can protect individual documents with encryption to stop their contents leaking. Other features, like regarding newly uploaded documents sensitive by default to stop them being shared externally until Data Loss Prevention (DLP) processing completes, help too, as do normal DLP policies.

All of this is good, but a compromised account can still access sites and download information. And the quickest way to being compromised is for an account not to use multi-factor authentication (MFA). Microsoft says that MFA blocks 99.9% of account compromise accounts. According to a Microsoft session at the RSA Conference 2020, in January 2020 only 11% of enterprise Office 365 accounts were enabled for MFA. This is a real problem.

Conditional Access Policy for SharePoint Online

To encourage people to use MFA to secure confidential documents and increase the overall security posture of SharePoint Online, tenants can deploy Azure Active Directory conditional access (CA) policies to enforce MFA for specific sites. The technology is available in preview now with general availability slated for later this summer.

The CA policy controls user access to data with MFA and can be assigned to all users in the tenant or selected accounts. Figure 1 shows the general structure of such a policy and the configuration for actions, how access is granted, and the users coming within scope of the policy. You can also see that the policy requires users to accept a terms of use document.Image 1 Expand 

Figure 1: A conditional access policy to enforce MFA access for SharePoint Online sites (image credit: Tony Redmond)

In terms of enforcing MFA, the new option for CA policies is to control “accessing secured app data,” which is where SharePoint Online comes in. This can be combined with the other controls available in CA policies, such as setting a sign-in frequency to make sure that users can’t leave sessions open for long periods.

The levels referred to in the policy (Level 1, Level 2, and Level 3) are placeholders for now. In the final version, they might be called “Low security”, “medium security”, and “high security” or something similar.

Securing a Site

After configuring a CA policy, you need to assign it to a site (all types of sites are supported). For now, this must be done with PowerShell as no GUI exists in the SharePoint Online admin center for this purpose. You’ll need to download the latest version of the SharePoint Online PowerShell module (version 16.0.19927.0 at a minimum) to be able to run the necessary commands.

After installing the updated module, you can select a site to secure with MFA and run the Set-SPOSite cmdlet to link the CA policy with the site. For example:
PowerShell

1Set-SPOSite -Identity https://office365itpros.sharepoint.com/sites/TestMFASite -ConditionalAccessPolicy ProtectionLevel -ProtectionLevelName “urn:microsoft:req1”


This command tells SharePoint Online that the CA policy with the tag “urn:microsoft:req1” applies to the site. Think of the tag as the way to connect the site with the CA policy. As noted above, when generally available, the tag might be called something different to make it clearer and to indicate its purpose. The same CA policy can be assigned to multiple sites, but only one CA policy can be assigned to a site.

Once the CA policy for MFA is attached to a site, future attempts to access the site are assessed by Azure Active Directory against the CA policy settings (and any other CA policies which apply). Users whose accounts are secured by MFA meet the criteria for access set in the CA policy and can proceed as normal.

Those whose accounts do not use MFA see an Azure Active Directory sign-in screen telling them that the organization needs more information to keep their account secure, which is a polite way to tell the user to set up MFA (the appearance of the sign-in screen shown in Figure 2 uses custom branding).Image 2 Expand 

Figure 2: Accounts not protected by MFA are blocked (image credit: Tony Redmond)

Licensing

Conditional access policies of this type require Azure Active Directory Premium license. In this case, you’ll need AAD Premium for anyone who needs to access a site secured by the MFA policy. Microsoft sources tell me that this shouldn’t be a problem as most enterprise tenants have these licenses. This assertion can’t be confirmed independently, so it’s something to check for your tenant. In addition, users are likely to need Office 365 E5 or Microsoft 365 E5 compliance licenses. However, Microsoft has yet to confirm this.

Some Limitations

Increased security often incurs some limitations on functionality. If you apply a CA policy with MFA to a site, the following applies:

  • The OneDrive sync client can’t synchronize document libraries from the site.
  • Only the online apps can be used to open Office files (Word, Excel, PowerPoint).
  • Teams can’t load files from the site into its Files channel tab. You can only access files through the SharePoint browser interface.
  • OWA can’t add attachments to messages from document libraries in the site.
  • Workflows don’t work in the site.

Microsoft is working on these limitations and might be able to relieve some in the future.

Mix and Match Policies

Conditional access policies can be combined to allow different levels of access to a site. For instance, you could require some users to use both MFA and a managed device, while others are allowed in based on MFA alone. And others might be allowed access without MFA because of their position in the company (not recommended, but possible). A lot of flexibility exists, as does the chance to confuse people and block access. Take your time and figure out what access you need and how it should be controlled, and you’ll probably find a conditional access condition to suit.

Reference: https://petri.com/enforce-mfa-sharepoint-online-sites-conditional-access-policies

Share196Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

by Steef-Jan WiggersFOLLOW Microsoft Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. The company...

8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

by AZURE SECURITY NEWS EDITOR
February 25, 2021
0

It's one thing to build an edge solution for experimental Proof of Concepts or small, localized deployments, and another to...

How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

by AZURE SECURITY NEWS EDITOR
February 22, 2021
0

Now more than ever, organizations are challenged with keeping their employees productive working remotely and interacting with their customers over...

A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

by AZURE SECURITY NEWS EDITOR
February 22, 2021
0

Microsoft is planning to end the integration of the Microsoft Defender for Endpoint security solution with the Azure Information Protection...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In