Day-4: Security Foundations – Protecting Identities in Microsoft 365

January 5, 2026

Series: 30 Days of Microsoft 365 Admin
Author: Jaspreet Singh

🎯 Day-4 Objective

After creating users and assigning roles (Day-3), today’s goal is to:

  • Secure user sign-ins
  • Reduce account compromise risk
  • Understand Microsoft’s identity security layers
  • Prepare for Conditional Access (Day-5)

1️⃣ Password Policies & Sign-In Protection

🔧 Admin Steps

  1. Open Microsoft Entra Admin Center
  2. Go to Identity → Protection → Authentication methods
  3. Select Password protection

🔍 What to Review

  • Password length & complexity
  • Banned password list
  • Smart lockout threshold
  • Lockout duration

🧠 Admin Reality

These settings silently protect tenants from:

  • Password spray attacks
  • Brute-force attempts
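To see how the two patterns differ in the sign-in logs, here is an added example (not from the original post) that classifies failed sign-ins per source IP: spray is a few tries across many accounts, brute force is many tries against one account. The field names follow the Entra sign-in log export; the thresholds, the `classify` helper, and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Entra ID sign-in error codes: 50126 = invalid username or password,
# 50053 = account locked after repeated bad sign-ins (smart lockout).
FAILURE_CODES = {50126, 50053}

def _rec(minute, user, ip, code):
    """Build one constructed record shaped like an exported Entra sign-in log entry."""
    return {"createdDateTime": f"2026-01-05T09:{minute:02d}:00Z",
            "userPrincipalName": user, "ipAddress": ip,
            "status": {"errorCode": code}}

# Constructed sample data (documentation IP ranges, made-up tenant and users).
SAMPLE = (
    [_rec(i, f"user{i}@contoso.example", "203.0.113.10", 50126) for i in range(6)]
    + [_rec(i, "admin@contoso.example", "198.51.100.7",
            50126 if i < 10 else 50053) for i in range(12)]
    + [_rec(20, "alice@contoso.example", "192.0.2.44", 50126),
       _rec(21, "alice@contoso.example", "192.0.2.44", 0)]  # typo, then success
)

def classify(records, window=timedelta(minutes=30), spray_users=5, brute_failures=10):
    """Map source IP -> 'spray' or 'brute-force' (thresholds are assumed, tune per tenant)."""
    by_ip = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] in FAILURE_CODES:
            ts = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_ip[r["ipAddress"]].append((ts, r["userPrincipalName"].lower()))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            if len(per_user) >= spray_users:              # few tries, many accounts
                findings[ip] = "spray"
                break
            if max(per_user.values()) >= brute_failures:  # many tries, one account
                findings[ip] = "brute-force"
                break
    return findings

if __name__ == "__main__":
    for ip, kind in classify(SAMPLE).items():
        print(f"{ip}: {kind}")
```

A single mistyped password followed by a successful sign-in, like the third sample source, is not flagged.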

2️⃣ Multi-Factor Authentication (MFA) – Hands-On

🔧 Enable MFA for a User

  1. Entra Admin Center
  2. Users → All users
  3. Select a test user
  4. Click Authentication methods
  5. Enable MFA

👤 User Experience Test

  • Sign in as the test user
  • Register Microsoft Authenticator
  • Verify MFA prompt during login

🧠 Admin Insight

  • MFA is mandatory for admins
  • Optional for users (until enforced by policy)
  • Reduces account compromise by ~99%

3️⃣ Security Defaults – Practical Understanding

🔧 Check Security Defaults Status

  1. Entra Admin Center
  2. Identity → Properties
  3. Click Manage security defaults

📌 What Security Defaults Enforces

  • MFA for admins
  • MFA for risky sign-ins
  • Blocks legacy authentication

⚠ Admin Note

Once Conditional Access is enabled, Security Defaults must be turned OFF.


4️⃣ Identity Protection – Risk Visibility

🔧 Portal Navigation

Entra Admin Center → Identity → Protection → Identity Protection

📊 What You Can Monitor

  • Risky users
  • Risky sign-ins
  • Risk levels (Low / Medium / High)

🧠 Real-World Scenario

If Microsoft detects leaked credentials:

  • User marked as “High Risk”
  • Admin forces password reset
  • Sign-in can be blocked

5️⃣ Admin Security Best Practices (Very Important)

🔐 Best Practices

✔ Separate admin & user accounts
✔ MFA for all privileged roles
✔ Least privilege principle
✔ Monitor sign-in logs regularly
✔ Remove unused admin roles

🎯 Interview Question

Q: Why not use Global Admin daily?
A: If that account is compromised, the attacker gets full tenant access.


✅ End of Day-4 Outcome

After Day-4, you can:
✔ Secure identities created on Day-3
✔ Explain MFA & identity risk clearly
✔ Understand Microsoft security layers
✔ Prepare confidently for Conditional Access


📅 DAY-5 PREVIEW (NEXT DAY PLAN)

Day-5: Conditional Access – Real Security Controls

We will configure:
🔹 Conditional Access policies
🔹 MFA enforcement for users
🔹 Location-based access rules
🔹 Device-based conditions

