However, the use of Conditional Access policies is more desirable for better control and therefore the security defaults are not applicable. When enabled (test tenant) it's enforcing MFA when trying to connect to Azure AD PowerShell. It seems impossible to enforce MFA and PowerShell without the use of global Azure AD setting “ Enable Security Defaults” enabled. So I try to enable at least MFA for the use of Azure AD PowerShell to downscale the security risks (compromised accounts and reconnaissance) but, I have the same problems. There is a Cloud app Microsoft Azure Management which can be used for Conditional Access policy, but is not including Azure AD PowerShell. ![]() ![]() For normal users without any Azure AD role, it's possible to read other user information in Azure AD PowerShell. I can't find any way to block access to Azure AD PowerShell with Conditional Access policy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |