{"id":342,"date":"2026-01-05T19:00:23","date_gmt":"2026-01-05T19:00:23","guid":{"rendered":"https:\/\/myallcodes.in\/?p=342"},"modified":"2026-01-05T19:00:24","modified_gmt":"2026-01-05T19:00:24","slug":"day-4-security-foundations-protecting-identities-in-microsoft-365","status":"publish","type":"post","link":"https:\/\/myallcodes.in\/index.php\/2026\/01\/05\/day-4-security-foundations-protecting-identities-in-microsoft-365\/","title":{"rendered":"Day-4: Security Foundations \u2013 Protecting Identities in Microsoft 365"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><strong>Series:<\/strong> 30 Days of Microsoft 365 Admin<br><strong>Author:<\/strong> Jaspreet Singh<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udfaf Day-4 Objective<\/h2>\n\n\n\n<p>After creating users and assigning roles (Day-3), today\u2019s goal is to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secure user sign-ins<\/li>\n\n\n\n<li>Reduce account compromise risk<\/li>\n\n\n\n<li>Understand Microsoft\u2019s identity security layers<\/li>\n\n\n\n<li>Prepare for Conditional Access (Day-5)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1\ufe0f\u20e3 Password Policies &amp; Sign-In Protection<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd27 Admin Steps<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>Microsoft Entra Admin Center<\/strong><\/li>\n\n\n\n<li>Go to<br><strong>Identity \u2192 Protection \u2192 Authentication methods<\/strong><\/li>\n\n\n\n<li>Select <strong>Password protection<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0d What to Review<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Password length &amp; complexity<\/li>\n\n\n\n<li>Banned password list<\/li>\n\n\n\n<li>Smart lockout threshold<\/li>\n\n\n\n<li>Lockout duration<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udde0 Admin Reality<\/h3>\n\n\n\n<p>These settings silently protect 
tenants from:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Password spray attacks<\/li>\n\n\n\n<li>Brute-force attempts<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2\ufe0f\u20e3 Multi-Factor Authentication (MFA) \u2013 Hands-On<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd27 Enable MFA for a User<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Entra Admin Center<\/li>\n\n\n\n<li><strong>Users \u2192 All users<\/strong><\/li>\n\n\n\n<li>Select a test user<\/li>\n\n\n\n<li>Click <strong>Authentication methods<\/strong><\/li>\n\n\n\n<li>Enable <strong>MFA<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udc64 User Experience Test<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sign in as test user<\/li>\n\n\n\n<li>Register Microsoft Authenticator<\/li>\n\n\n\n<li>Verify MFA prompt during login<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udde0 Admin Insight<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA is <strong>mandatory for admins<\/strong><\/li>\n\n\n\n<li>Optional for users (until enforced by policy)<\/li>\n\n\n\n<li>Reduces account compromise by ~99%<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3\ufe0f\u20e3 Security Defaults \u2013 Practical Understanding<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd27 Check Security Defaults Status<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Entra Admin Center<\/li>\n\n\n\n<li><strong>Identity \u2192 Properties<\/strong><\/li>\n\n\n\n<li>Click <strong>Manage security defaults<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccc What Security Defaults Enforces<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MFA for admins<\/li>\n\n\n\n<li>MFA for risky sign-ins<\/li>\n\n\n\n<li>Blocks legacy authentication<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u26a0 Admin Note<\/h3>\n\n\n\n<blockquote 
class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Once Conditional Access is enabled, Security Defaults must be turned OFF.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4\ufe0f\u20e3 Identity Protection \u2013 Risk Visibility<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd27 Portal Navigation<\/h3>\n\n\n\n<p><strong>Entra Admin Center \u2192 Identity \u2192 Protection \u2192 Identity Protection<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcca What You Can Monitor<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Risky users<\/li>\n\n\n\n<li>Risky sign-ins<\/li>\n\n\n\n<li>Risk levels (Low \/ Medium \/ High)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udde0 Real-World Scenario<\/h3>\n\n\n\n<p>If Microsoft detects leaked credentials:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>User marked as \u201cHigh Risk\u201d<\/li>\n\n\n\n<li>Admin forces password reset<\/li>\n\n\n\n<li>Sign-in can be blocked<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5\ufe0f\u20e3 Admin Security Best Practices (Very Important)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd10 Best Practices<\/h3>\n\n\n\n<p>\u2714 Separate admin &amp; user accounts<br>\u2714 MFA for all privileged roles<br>\u2714 Least privilege principle<br>\u2714 Monitor sign-in logs regularly<br>\u2714 Remove unused admin roles<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfaf Interview Question<\/h3>\n\n\n\n<p><strong>Q:<\/strong> Why not use Global Admin daily?<br><strong>A:<\/strong> If compromised, attacker gets full tenant access.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 End of Day-4 Outcome<\/h2>\n\n\n\n<p>After Day-4, you can:<br>\u2714 Secure identities created on Day-3<br>\u2714 Explain MFA &amp; identity 
risk clearly<br>\u2714 Understand Microsoft security layers<br>\u2714 Prepare confidently for Conditional Access<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\ud83d\udcc5 DAY-5 PREVIEW (NEXT DAY PLAN)<\/h1>\n\n\n\n<p><strong>Day-5: Conditional Access \u2013 Real Security Controls<\/strong><\/p>\n\n\n\n<p>We will configure:<br>\ud83d\udd39 Conditional Access policies<br>\ud83d\udd39 MFA enforcement for users<br>\ud83d\udd39 Location-based access rules<br>\ud83d\udd39 Device-based conditions<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n","protected":false},"excerpt":{"rendered":"<p>Series: 30 Days of Microsoft 365 AdminAuthor: Jaspreet Singh \ud83c\udfaf Day-4 Objective After creating users and assigning roles (Day-3), today\u2019s goal is to: 1\ufe0f\u20e3 Password Policies &amp; Sign-In Protection \ud83d\udd27 Admin Steps \ud83d\udd0d What to Review \ud83e\udde0 Admin Reality These settings silently protect tenants from: 2\ufe0f\u20e3 Multi-Factor Authentication (MFA) \u2013 Hands-On \ud83d\udd27 Enable MFA for\u2026 <span class=\"read-more\"><a href=\"https:\/\/myallcodes.in\/index.php\/2026\/01\/05\/day-4-security-foundations-protecting-identities-in-microsoft-365\/\">Read More 
&raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-342","post","type-post","status-publish","format-standard","hentry","category-power-shell-scripts"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/posts\/342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/comments?post=342"}],"version-history":[{"count":1,"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/posts\/342\/revisions"}],"predecessor-version":[{"id":343,"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/posts\/342\/revisions\/343"}],"wp:attachment":[{"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/media?parent=342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/categories?post=342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/myallcodes.in\/index.php\/wp-json\/wp\/v2\/tags?post=342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}