The Azure AD Best Practices Checklist


Update: Downloadable/printable copies of the Microsoft 365 Best practices checklists and guides are now available for purchase at GumRoad. Thanks for your support!

Disclaimer: This checklist is NOT a comprehensive overview of every consideration when implementing Azure AD. For instance, the list was built with a typical SMB/SME in mind. That means there is no discussion of separating admin roles and limiting privilege based on task/functions, or PIM, or any of those features which typically show up in larger enterprise organizations, who actually have teams of people managing the environment. But, I did include a couple extra bullet points for E5 customers to consider at the end of this list, just in case.

I received a lot of positive feedback for recent publications including the Office 365 Email Security Checklist and my recent guide on Recommended Conditional access policies. Several people have asked about similar guidance for provisioning and fine-tuning other Microsoft 365 services, too.

I have been working on additional resources for the community, but I wanted to focus on email initially since:

  1. Exchange Online is the most widely adopted service in Office 365
  2. Email is still the most common attack vector

Today I have a new resource which focuses on Azure AD (and of course every application in Microsoft 365 depends on this service for identity).

In the guide, I walk you through several settings in the Azure AD admin center which I think should be modified or at least carefully considered when implementing new tenants (or sprucing up older ones).

Furthermore, I have updated the Recommended Conditional access policies in conjunction with this release. The new policy design includes a couple of subtle but critical adjustments worth considering, so be sure to review that as well.

Here is the complete kit:

Below is a summary of the items included in the Azure AD setup checklist:

These are the global settings I think should be considered when implementing any new tenant (for the SMB).

*These features are still in preview; use preview features at your own risk.

BONUS: E5 subscribers, I decided to update this article with just a couple of extra bullet points that you should look at. These are not included in my published checklist, however.

Comments (2)

  • Gavin Stone

    Great post as always Alex, I’ve taken a number of ideas from this to implement in our own setup process. Thank you!

    July 1, 2019 at 4:12 pm
  • Tore Jacobsen

    Great guides. Nice, consistent layout and to the point. Keep on keeping on.
    Thanx

    August 26, 2019 at 4:56 am
