The Azure AD Best Practices Checklist

Back to Blog
01Jul2019

The Azure AD Best Practices Checklist

Update: Downloadable/printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support!

Disclaimer: This checklist is NOT a comprehensive overview of every consideration when implementing Azure AD. For instance, the list was built with a typical SMB/SME in mind. That means there is no discussion of separating admin roles and limiting privilege based on task/functions, or PIM, or any of those features which typically show up in larger enterprise organizations, who actually have teams of people managing the environment. But, I did include a couple extra bullet points for E5 customers to consider at the end of this list, just in case.

I have been working on additional resources for the community, but I wanted to focus on email initially since:

  1. Exchange Online is the most widely adopted service in Office 365
  2. Email is still the most common attack vector

Today I have a new resource which focuses on Azure AD (and of course every application in Microsoft 365 depends on this service for identity).

In the guide, I walk you through several settings in the Azure AD admin center which I think should be modified or at least carefully considered when implementing new tenants (or sprucing up older ones).

Below is summary of the items included in the Azure AD setup checklist:

These are the global settings I think should be considered when implementing any new tenant (for the SMB).

*These features are still in preview, use preview features at your own risk.

BONUS: E5 subscribers, I decided to update this article with just a couple of extra bullet points, that you should look at. Not included in my published checklist, however.

Technical , , , , , , 2 Comments
Share:

Comments (2)

  • Gavin Stone Reply

    Great post as always Alex, I’ve taken a number of ideas from this to implement in our own setup process. Thank you!

    July 1, 2019 at 4:12 pm
  • Tore Jacobsen Reply

    Great guides. Nice, consistent layout and to the point. Keep on keeping on.
    Thanx

    August 26, 2019 at 4:56 am

Leave a Reply

Back to Blog

Related Posts

20Jun

A framework for implementing device-based Conditional access with Microsoft Intune

I recently shared a set of scripts to help make deployment of Intune a bit quicker. Today I just want to cover a framework which can be used for deploying device-based conditional access in conjunction with your baseline policy set. The main crux of the... read more
09May

Scripting with ISE: Adding New LUNs, part 1

In this series, we are getting familiar with Windows PowerShell ISE. My hope is that thru working in this application, more IT professionals will come to view PowerShell as a truly accessible (and indispensable) tool. Remember that the point of technology should include making your job... read more
14Jan

Protect messages and documents in Microsoft 365 Business with AIP, part 2: AIP labels

Azure Information Protection (AIP) uses “labels” to classify and protect data. Labels are published to end users for eventual consumption and use through a “policy.” In the olden days, applying permissions and restricting access to files was more rudimentary—again, it was based on the concept of the... read more
26Jun

Password sync in the age of COVID-19

This is something I have been seeing and hearing a lot from customers. So I thought it would be a good time to address the age-old topic of Directory Synchronization. Azure AD Connect is usually the best way to get up and running quickly in... read more
15Jun

Implementing the ACSC Essential 8 with Microsoft 365

I have had this request on my backburner for a while, and I finally got around to knocking it out: from a reader in the Land Down Under--Australia! Update: Microsoft has a much-improved set of Learn articles on the Essential Eight, with detailed guidance on implementing... read more
30Jun

Troubleshooting weird Azure AD Join issues

If you are starting to do more Azure AD Join (or disjoin/rejoin) operations, you may run into some issues at times where the computer reports an error. These can take several forms, but generally the message is, "Sorry dude, but you can't join/register this device." Here... read more
18May

Free Microsoft 365 Security Assessment Tool based on CIS Controls

Note: I have updated this workbook to reflect changes in v8 of the CIS Controls framework. Please see this post for more details. Update: I also offer a course on implementing the CIS Controls. Included with this course is an expanded assessment workbook (to include all... read more
16Jul

How to bundle even more security into your Office 365 subscription

In a previous post, I covered some of the most common SKU's that are frequently purchased by small businesses, who are migrating to the Office 365 platform. In a nutshell, by FAR the most common of those are Office 365 Business Premium and Office 365... read more
19Oct

Azure Virtual Network: What is the difference between Policy-based and Route-based VPN?

You want to configure a Site-to-Site (S2S) VPN tunnel from an on-premises hardware VPN device, such as your firewall, and an Azure Virtual Network. For this, you require several objects in Azure. One of those is a "virtual network gateway"--which is basically just a software... read more
16Feb

Hyper-V Failover Cluster: Basic Setup

I have previously shared a slightly more complex method for configuring a simple 2-node failover cluster, involving a converged Hyper-V virtual switch, with QoS policies and so forth to manage traffic on the Management, CSV and Live Migration networks. However, there is another config I wanted to... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me