• Home
  • About Us
  • Contact Us
  • Privacy Policy
  • Special Offers
Business Intelligence Info
  • Business Intelligence
    • BI News and Info
    • Big Data
    • Mobile and Cloud
    • Self-Service BI
  • CRM
    • CRM News and Info
    • InfusionSoft
    • Microsoft Dynamics CRM
    • NetSuite
    • OnContact
    • Salesforce
    • Workbooks
  • Data Mining
    • Pentaho
    • Sisense
    • Tableau
    • TIBCO Spotfire
  • Data Warehousing
    • DWH News and Info
    • IBM DB2
    • Microsoft SQL Server
    • Oracle
    • Teradata
  • Predictive Analytics
    • FICO
    • KNIME
    • Mathematica
    • Matlab
    • Minitab
    • RapidMiner
    • Revolution
    • SAP
    • SAS/SPSS
  • Humor

Keep your Microsoft Dynamics 365 CRM Data Secure – Azure AD Best Practices After MFA – Part 1

April 4, 2021   Microsoft Dynamics CRM

Your Microsoft Dynamics 365 CRM is a database packed with invaluable information on your business.  It deserves the best protection you can provide. From prospects, customers and service issues, purchasing, and so much more, your business can’t function without this information. A security breach that puts this data in the wrong hands would be nothing short of devastation.  

While your everyday CRM users are probably focused on serving or selling, they’re probably not thinking about their every action as it relates to security. Setting up Multi-Factor Authentication (MFA) with Microsoft Azure AD is a great first step, but there are other best practices that can maximize your organization’s data security in the cloud while still providing an end user experience that promotes productivity. 

Screen Shot 2021 03 31 at 3.49.58 PM e1617388125722 625x446 Keep your Microsoft Dynamics 365 CRM Data Secure – Azure AD Best Practices After MFA – Part 1

Eric Raff, Cloud Practice Director at JourneyTEAM, in a presentation hosted by buckleyPLANET to the Utah SharePoint User Group (UTSPUG) and Microsoft User Group (MUGUT), shared the top 10 security tips and considerations after you’ve rolled out MFA in your Microsoft Dynamics 365 tenant. Raff is a 25+ year expert in Identity and Access Management in Microsoft 365 and Windows Azure. 

This is a two-part blog. In Part 1 we cover first five of the top 10 Microsoft Dynamics 365, Windows Azure and Microsoft Cloud Services security tips after you’ve deployed MFA. Many of the security steps involved with these best practices require that you have Azure ADP2 or the Microsoft Enterprise Mobility + Security (EM+S) mobility management and security platform. 

1. Azure Portal Settings: Two Suggestions

Log into portal.azure.com and check on these two settings:  

  • Go to “User Settings.” You should restrict access to the Azure AD Administration Portal — to do this, make sure this is set to “Yes.” 
  • Also, check out the name of your tenant. This will show up whenever there is a Microsoft OneDrive sync integration. Make sure it is relevant!  

Top 10 welcome 625x456 Keep your Microsoft Dynamics 365 CRM Data Secure – Azure AD Best Practices After MFA – Part 1

2. Set Restrictions on Guest User Access

Do you know how many guest accounts you have in your tenant? If you don’t know the exact number, you should at least be aware of where you can find out. The default External Sharing Setting is “Allow guests to share items they don’t own,” meaning sharing content with anyone can be done anonymously, including guests. Your guests can also invite other guests.  This is an ideal area to create some restrictions. Thankfully, “Restrict access to the Azure AD Administration portal” is “no” by default! 

The Identity Governance solution in Azure AD P2 can set restrictions on guest accounts with Access Packages and Access Reviews.   

Access Package 

  • In the Azure AD Portal, click “Identity Governance” > “Settings.” 
  • Select what happens when an external user that was added to your directory through an Access Package request loses their last assignment under “Manage the lifecycle of external users.” 
  • This allows you to block external users from signing into the directory and will remove an external user after a set number of days. This only works if the guest account came in via an Access Package. 

Access Review Policy 

  • From the Azure AD Portal, click “Identity Governance” > “Access Review.” 
  • To create a new Access Review: 
  • Select what to review by “Teams + Groups,” or “Applications.” 
  • Select a specific group, e.g., “All Guests.”  
  • Select a review scope: “Guest Users Only.” 
  • Adjust the settings to your preference. You can set up a policy that ensures guest access only to those that truly need it. Your policy could put the responsibility on the users to review their access. If they don’t respond to a review request in a specific amount of time, they may be blocked from signing in for 30 days, then later removed from the tenant.  
  • At myaccount.microsoft.com you can self-manage your guest account in other directories as well as completely delete guest accounts you don’t use. Go to “Organizations” and click “Leave Organization.”  

3. Manage Consent and Permissions for Enterprise Apps

Cyber criminals now use fake enterprise apps to gain access by convincing you into consent. New functionality in the Azure Active Directory Microsoft 365 environment allows for greater consent governance.  

  • Head to “Enterprise Apps” > “Consent and Permissions.” 
  • Here you can manage user consent and permissions from verified publishers. 
  • Once an app is a verified publisher and you set up the permissions, users will only be able to consent to those actions. 

Next, check the user settings under “Admin consent requests (Preview).” 

  • Change “Users can request admin consent to apps they are unable to consent to,” to “Yes.” 
  • Click “Select users to review admin consent requests” and select an appropriate Admin (should be Global, Application or Cloud Application Administrator) who will be notified and make the decision to allow or reject consent.  

A last note, if you as a Global or an Enterprise App Administrator ever see a “permissions requested” box with the option to consent on behalf of your organization, proceed with caution. You will be consenting for everyone in the tenant and should be sure about this decision.  

4. Block Legacy Protocols 

Hundreds of spray attacks can happen every hour that target legacy protocols such as SMTP, IMAP, POP, Active Sync, Outlook Anywhere (RPC over HTTP), and older Office clients, such as 2010 and 2013.  

Identify who is using legacy protocols in the environment: 

  • Log into the Azure AD portal (portal.azure.com). 
  • Click to “Sign-Ins” > “Monitoring.” 
  • Make sure you have the new experience turned on. 
  • Click “Add Filter” > “Client App” > “Apply.” 
  • You can then review the client apps and see a list of Legacy Authentication as well as review the successful and failed attempts. 

Now you have what you need to build a Conditional Access (CA) policy to block access.  

  • Navigate to “Security” > “Conditional Access” > “Classic Policies.” 
  • Here you can create a new policy that blocks legacy protocols. Be sure it targets all users (except your “break glass” account). 
  • Go to “Conditions” > “Client Apps” > “Legacy Authentical Clients.
  • Set access controls to “Block Access”

5. Check Your Security Defaults

Before following this tip, be aware that using Security Defaults is only suggested if:  

  • No Conditional Access policies are enabled in your environment. 
  • You don’t need fine-grained control over access and authentication. 
  • Your organization is relatively small. 

Microsoft’s Security Defaults are basic recommendations for identify security mechanisms and provide a great baseline of features, but you should still consult an expert to confirm if Security Defaults is the right choice for your organization. 

To turn on defaults: 

  • From the Azure AD Portal, go to “Properties.” 
  • Make sure that Security Defaults is set to “Yes.” 

What Security Defaults activate or enforce:  

  • Requires all users to register for Azure MFA.  
  • Administrators must perform MFA. 
  • Blocks legacy authentication protocols. 
  • Users must perform MFA when risky activity is detected. 
  • Access to the Azure Portal and other “privileged” activities will be protected.  

Be sure that “Users can use the combined security information registration experience” is turned on. 

Read the full article.

Click here to continue and read up on tips 6 – 10!  

NEXT STEPS:

  1. Join a free consultation and ask all the questions you wish.
  2. Plan your Deep Dive meeting – Get your organization’s Customized Solutions presentation.

Jenn Alba JourneyTEAM 625x625 Keep your Microsoft Dynamics 365 CRM Data Secure – Azure AD Best Practices After MFA – Part 1Article by:Jenn Alba – Marketing Manager – 801.938.7816

JourneyTEAM is an award-winning consulting firm with proven technology and measurable results. They take Microsoft products; Dynamics 365, SharePoint intranet, Office 365, Azure, CRM, GP, NAV, SL, AX, and modify them to work for you. The team has expert level, Microsoft Gold certified consultants that dive deep into the dynamics of your organization and solve complex issues. They have solutions for sales, marketing, productivity, collaboration, analytics, accounting, security and more. www.journeyteam.com

Let’s block ads! (Why?)

CRM Software Blog | Dynamics 365

after, Azure, Best, data, Dynamics, Keep, Microsoft, Part, Practices, Secure
  • Recent Posts

    • Accelerate Your Data Strategies and Investments to Stay Competitive in the Banking Sector
    • SQL Server Security – Fixed server and database roles
    • Teradata Named a Leader in Cloud Data Warehouse Evaluation by Independent Research Firm
    • Derivative of a norm
    • TODAY’S OPEN THREAD
  • Categories

  • Archives

    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    • December 2016
    • November 2016
    • October 2016
    • September 2016
    • August 2016
    • July 2016
    • June 2016
    • May 2016
    • April 2016
    • March 2016
    • February 2016
    • January 2016
    • December 2015
    • November 2015
    • October 2015
    • September 2015
    • August 2015
    • July 2015
    • June 2015
    • May 2015
    • April 2015
    • March 2015
    • February 2015
    • January 2015
    • December 2014
    • November 2014
© 2021 Business Intelligence Info
Power BI Training | G Com Solutions Limited