A company deploys Microsoft Azure AD. You run the Identity Secure Score report. The report displays five security items.
Which three security items on the report have the most impact on the score? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
The three security items on the Identity Secure Score report that have the most impact are: Enabling a policy to block legacy authentication, which helps prevent outdated and less secure authentication methods; requiring multi-factor authentication for all users, which adds an additional layer of security by requiring another form of verification beyond a password; and setting passwords to never expire, which reduces the risk associated with users reusing or choosing weak passwords after frequent expiration prompts. These measures significantly enhance overall security posture by addressing key vulnerabilities.
(MAX SCORE for each in brackets) A. Enable policy to block legacy authentication. (20) B. Enable user risk policy or sign-in policy. (Both have 30) C. Require multi-factor authentication for all users. (30) D. Delete/block accounts not used in last 30 days. (1) E. Do not expire passwords. (10) So Correct Answer is : ABC (Ref: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score See Max score column for each)
A C E if looking to your link : https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score
yes first picture is showing answer: ACE
ABC based on https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score?view=o365-worldwide
I see a lot of doubts and different answers (looking at other dumbs that signal A B C as answer) so i logged in my security center and organized actions by %. Multi factor autentication is indeed first ( A ) Enable policy to block legacy authentication is second (b) Do not expire passwords with about 11% ends up third (c) Enable user risk policy or sign-in policy was right below the password expire at 10% so answer is confirmed A C E as of 23/08/2022
A. Enable policy to block legacy authentication. (8 point) B. Enable user risk policy or sign-in policy. (7 point) C. Require multi-factor authentication for all users. (9 point) D. Delete/block accounts not used in last 30 days. (N/A) E. Do not expire passwords. (8 point)
ABC is correct
I just checked in our secure score at my MSP, its ACE. MFA for all users: 3.14% Block legacy: 2.79% Passwords never expire: 2.79% User Risk: 2.44% Block/delete users isnt even listed anymore. I assume this question is very old.
Score impact: ACE Enable policy to block legacy authentication - 14.29% Require multi-factor authentication for all users - 17.86% Do not expire passwords - 14.29%
THIS is the real Anwar , got it from GPT-4. Require multi-factor authentication for all users (worth 20 points). Enable policy to block legacy authentication (worth 10 points). Enable user risk policy (worth 10 points)
The three security items on the report that have the most impact on the Identity Secure Score are: A. Enable policy to block legacy authentication: This is an important security measure to prevent older, less secure authentication methods from being used, reducing the risk of unauthorized access to user accounts. B. Enable user risk policy: This security measure helps to identify high-risk user activities, such as failed login attempts or suspicious IP addresses, and take appropriate action to prevent unauthorized access. C. Require multi-factor authentication for all users: This security measure adds an extra layer of protection by requiring users to provide additional authentication factors, such as a code sent to their mobile device or a fingerprint scan, in addition to their password. Therefore, options A, B, and C are the correct answers. Options D and E are also important security measures but have less impact on the Identity Secure Score compared to the other three options.
As per Endra Identity Secure Score July 2024: Ensure multifactor authentication is enabled for all users 16.07% Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)' 14.29% Enable Conditional Access policies to block legacy authentication 14.29%
As per Endra Identity Secure Score July 2024: Ensure multifactor authentication is enabled for all users 16.07% Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)' 14.29% Enable Conditional Access policies to block legacy authentication 14.29%
So, ACE
Here's a list of some of the security controls that are included in the Azure AD Identity Secure Score report, along with their maximum point values: Require MFA for administrative roles (50 points) Require MFA for users accessing sensitive data (30 points) Enable password hash synchronization (10 points) Enable Azure AD Multi-Factor Authentication (10 points) Enable self-service password reset (10 points) Enable policy to block legacy authentication (10 points) Enable user risk policy (10 points) Delete/block accounts not used in last 30 days (10 points) Configure Azure AD sign-in risk policy (8 points) Enable risk-based Conditional Access policies (8 points) Note that the point values for each control may vary depending on the specific implementation and configuration of Azure AD in your organization. Additionally, not all security controls are enabled by default, and some may require additional configuration or licensing to use.
ACE, as per screenshot in https://www.rozemuller.com/monitor-identity-secure-score-security-improvement-action-status/
Require MFA: 8,4% Do note expire PW: 6,72% Enable prolicy to block legacy authentication: 6,72% Turn on sigh-in risk policy: 5,88% --> So A C E
See the link https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score
ABC is correct
My trial tenant as of 12/2021 shows that 'do not expire passwords' is worth more than 'user risk policy' therefore A C E are the answers : B. Turn on user risk policy +5.6% E. Do not expire passwords +6.4%