Microsoft Entra Recommendations adds several more for better user security

Microsoft Entra is the corporation’s solution for business and enterprise, providing secure methods for companies to establish their digital signing-up and identification system for their employees. Recently, Microsoft revealed a few Entra updates aimed at enhancing security and safety monitoring.

As stated in the official Microsoft Entra blog, the latest update includes the addition of more Microsoft Entra Recommendations that are now available either as public previews or in general. These recommendations are run every day to provide information to company IT members and prompt them to address any necessary issues.

The latest Entra Recommendations comprise of:

• Remove unused credentials from applications
• Renew expiring service principal credentials
• Renew expiring application credentials
• Remove unused applications

Furthermore, there are two additional Entra Recommendations related to the Azure AD Graph service, which was declared deprecated in 2020 and is currently in its retention phase. These two new Entra Recommendations will notify IT personnel to transfer applications from Azure AD Graph to Microsoft Graph, as well as prompt them to migrate service principals that have recently utilized Azure AD Graph APIs to Microsoft Graph.

Microsoft has made additional enhancements to Entra Recommendations’ Identity Secure Score, which provides a percentage indicating a tenant’s level of alignment with Microsoft’s recommendations. In public preview, Microsoft has introduced a new Secure Score recommendation.

Protect your tenant with Insider Risk policy: Implementing a Conditional Access policy that blocks access to resources for high-risk internal users is of high priority due to its critical role in proactively enhancing security, mitigating insider threats, and safeguarding sensitive data in real-time.

In addition, Microsoft has several other Entra Recommendations that pertain to Secure Score:

• Enable password hash sync if hybrid
• Protect all users with a user risk policy
• Protect all users with a sign-in risk policy
• Use least privileged administrative roles
• Require multifactor authentication for administrative roles
• Ensure all users can complete MFA
• Enable policy to block legacy authentication
• Designate more than one Global Admin
• Do not expire passwords
• Enable self-service password reset
• Do not allow users to grant consent to unreliable applications

In their blog post, Microsoft announced that Entra Recommendations will eventually offer email notifications to inform users of new recommendations.