Entra ID

Have you considered…?

• MFA baseline. Is MFA required for all user accounts with exceptions only where justified (break-glass, service)?
• Conditional Access coverage. Do policies cover all users, apps, and risky scenarios (impossible travel, unfamiliar sign-ins)?
• Legacy authentication. Is basic/legacy auth fully blocked to prevent password spray and token replay?
• Admin role hygiene. Who has standing Global Admin? Are roles right-sized and elevation audited?
• Break-glass account. Do you have a tested, documented break-glass with safe storage and alerting?
• Guest & app consent. Can guests and apps get in by default, or do you have purposeful guardrails?

Why this matters

Identity is the perimeter. Clean defaults, least-privilege roles, and targeted Conditional Access cut off entire classes of attacks and make reviews faster because the baseline is clear and documented.

How I help

• Secure baseline. Require MFA; block legacy auth; sensible session controls; risky sign-in protections.
• Role cleanup. Remove standing Global Admin, map roles to duties, and set you up for PIM/elevation workflows.
• Break-glass readiness. Create, verify, and document a true emergency account with a quarterly test note.
• Guest & app governance. Guest settings, consent policies, and admin consent workflow that won’t block business.
• Documentation. Clear “why we did it” notes and a simple runbook you can maintain.

Email Bert See Services

Related

Email (Exchange Online) · SharePoint & OneDrive · Teams