The baseline security policy for Azure AD admin accounts has now been released for public preview!
According to statistics identity attacks have gone up by 300% in the last year. To help protect customers Microsoft are rolling out baseline protection. The baseline policy will be available by default to all Azure AD tenants and will require MFA for privileged Azure AD accounts. Attackers who gain control of privileged accounts can do severe damage to customer environments therefore Microsoft believe it is critical to protect these accounts first.
The following Azure AD roles are covered by this policy:
- Global administrator
- SharePoint administrator
- Exchange administrator
- Conditional access administrator
- Security administrator
While the preview is out Microsoft have made it easy to opt into it with their ‘one-click’ experience. Once this reaches the stage after general availability Microsoft have said this will be enabled by default however let users opt out when they want, Microsoft recommend that customers opt into this immediately.