Mastering Microsoft 365 Administration: The checklist
The following settings are to be checked / validated:

1. Entra ID Settings

- Admin Accounts
  [ ] Use named accounts, or at least know who (a single person) is using the account
  [ ] Use break glass admin accounts (BGA); they are the last resort to get access to a tenant. BGAs are excluded from any CA policies and are only used in case of emergency; create alerts for usage of high-privilege accounts
  [ ] Restrict guest invite settings to the most restrictive setting
  [ ] Make sure that you have "Terms of use" (properly) set up

- Users Settings
  [ ] Use privileged access workstations (PAW) for administrative access to Microsoft 365
  [ ] Enforce MFA for all users
  [ ] Disable the ability for users to register applications
  [ ] Restrict guest user access to the most restrictive setting

- CA for Admin Accounts, User Accounts, Zero Trust
  [ ] Restrict access using the suggested personas for CA: Internals, Externals, Admins, Developers, Guests, Guest Admins, Service Accounts, Workload Identities

- Applications (Enterprise Apps, App Registrations)
  [ ] Document the usage of your applications (ownership, lifecycle, description)

2. Microsoft 365 Admin Center

- Integrated Apps
  [ ] Make sure that you enable only approved apps within the tenant; block any other app and any future app

- Org Settings
  [ ] Disallow these settings: Exchange Calendar Sharing, User Owned Apps, Bookings, Forms, Graph Data Connect, Microsoft 365 Groups, Modern Authentication, Microsoft 365 Web, Viva Learning, Whiteboard

- Collaboration Settings (SPO, OD4B, Teams)
  [ ] Restrict: Sharing Settings, Device Restrictions, App Store, Policies

3. Power Platform Settings

- On-premises Data Gateway
- Environment Management
- Self Service Licensing
  [ ] Disable the "trial" experience for the end user by using Get-AllowedConsentPlans from PowerApps PowerShell
- Connectors
  [ ] Consider a Data Loss Prevention policy level to restrict data using
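The Self Service Licensing item above names the cmdlet but not the full sequence. The following is an added example (not part of the original checklist) that records the current consent plans, removes the self-service trial plan types, and verifies the result; it assumes the Microsoft.PowerApps.Administration.PowerShell module is installed and the signed-in account holds a Power Platform administrator role.

```powershell
# Added example: disable the Power Platform self-service "trial" consent plans.
# Assumes: Install-Module Microsoft.PowerApps.Administration.PowerShell has
# already been run, and the account used below is a Power Platform admin.
Import-Module Microsoft.PowerApps.Administration.PowerShell

# Interactive sign-in to the tenant's Power Platform admin endpoints
Add-PowerAppsAccount

# 1. Record the current state so the change is auditable and reversible
Write-Host "Allowed consent plans before the change:"
$before = Get-AllowedConsentPlans
$before | Format-List

# 2. Remove the consent plan types that let users self-provision trial plans.
#    "Internal" and "Viral" are the two plan types the cmdlet accepts. Per the
#    module documentation this also removes plans of those types already
#    assigned to users, so review $before first.
Remove-AllowedConsentPlans -Types @("Internal", "Viral")

# 3. Verify: the removed plan types should no longer be listed
Write-Host "Allowed consent plans after the change:"
Get-AllowedConsentPlans | Format-List

# To allow trials again later (for example for a pilot), the reverse is:
#   Add-AllowedConsentPlans -Types @("Internal", "Viral")
```

Keep the "before" output with the change record, since it is the only evidence of which plan types were previously allowed in the tenant.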