Purpose
Reduce risk in customer tenants by proactively validating identity controls, privileges, and monitoring—so security issues are detected and addressed before they become incidents.
Enable and register multifactor authentication (MFA) for every account (especially admins).
Regularly review subscriptions, resources, and services for unexpected provisioning.
Use Azure Cost Management anomaly alerts to detect unexpected consumption spikes.
Review and minimize access privileges and delegated permissions (least privilege).
Harden and continuously monitor tenant administrator accounts.
Review service-provider access (B2B, GDAP/DAP, and local accounts) and remove what is not required.
Audit Microsoft Entra sign-ins and configuration changes for suspicious activity.
Confirm log availability and retention (what you collect, where it is stored, and for how long).
Review these controls at least quarterly (and after major tenant changes). Use Microsoft Learn as the authoritative reference: Customer security best practices (Microsoft Learn)
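As an added illustration of the MFA and sign-in audit items above (not taken from Microsoft Learn or any Microsoft tooling), the following Python sketch scans an exported sign-in log for administrator sign-ins that succeeded without an MFA requirement. It assumes the export is a JSON array whose records use the Microsoft Graph signIn property names shown in the code; the accounts, IP addresses, and admin list are constructed sample data.

```python
import json
from collections import defaultdict

SF, MFA = "singleFactorAuthentication", "multiFactorAuthentication"

def _rec(upn, ip, requirement, error_code):
    """Build one constructed record using Microsoft Graph signIn property names."""
    rec = {"userPrincipalName": upn, "ipAddress": ip,
           "appDisplayName": "Azure Portal", "status": {"errorCode": error_code}}
    if requirement:
        rec["authenticationRequirement"] = requirement
    return rec

# Constructed sample export; accounts and addresses are made up for illustration.
SAMPLE_EXPORT = json.dumps([
    _rec("admin1@contoso.example", "203.0.113.10", MFA, 0),     # MFA required: fine
    _rec("admin2@contoso.example", "198.51.100.7", SF, 0),      # flagged
    _rec("admin2@contoso.example", "198.51.100.7", SF, 50126),  # failed sign-in: skipped
    _rec("user1@contoso.example", "203.0.113.20", SF, 0),       # not an admin
    _rec("Admin2@contoso.example", "198.51.100.8", SF, 0),      # flagged despite UPN case
    _rec("admin1@contoso.example", "203.0.113.10", None, 0),    # field missing: flagged
])
# Assumption: the reviewer supplies the tenant administrator accounts.
ADMIN_UPNS = {"admin1@contoso.example", "admin2@contoso.example"}

def single_factor_admin_signins(export_json, admin_upns):
    """Return successful admin sign-ins that did not require MFA."""
    admins = {u.lower() for u in admin_upns}
    findings = []
    for rec in json.loads(export_json):
        upn = (rec.get("userPrincipalName") or "").lower()
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        # A missing field counts as "not MFA" so incomplete records get reviewed.
        mfa = rec.get("authenticationRequirement") == MFA
        if upn in admins and succeeded and not mfa:
            findings.append(rec)
    return findings

def summarize(findings):
    """Per account: number of findings and the distinct source IP addresses."""
    summary = defaultdict(lambda: {"count": 0, "ips": set()})
    for rec in findings:
        entry = summary[rec["userPrincipalName"].lower()]
        entry["count"] += 1
        entry["ips"].add(rec.get("ipAddress", "unknown"))
    return dict(summary)

if __name__ == "__main__":
    report = summarize(single_factor_admin_signins(SAMPLE_EXPORT, ADMIN_UPNS))
    for upn, info in report.items():
        print(f"{upn}: {info['count']} single-factor sign-in(s) from {sorted(info['ips'])}")
```

Any account the script reports is a candidate for the MFA and administrator-hardening items in the checklist.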
