You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security-center/security-center-identity-access.md
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.devlang: na
11
11
ms.topic: conceptual
12
12
ms.tgt_pltfrm: na
13
13
ms.workload: na
14
-
ms.date: 03/06/2020
14
+
ms.date: 03/16/2020
15
15
ms.author: memildin
16
16
---
17
17
@@ -24,14 +24,16 @@ When Security Center identifies potential security vulnerabilities, it creates r
24
24
25
25
The security perimeter has evolved from a network perimeter to an identity perimeter. Security becomes less about defending your network and more about defending your data, as well as managing the security of your apps and users. Nowadays, with more data and more apps moving to the cloud, identity becomes the new perimeter.
26
26
27
-
By monitoring identity activities, you can take proactive actions before an incident takes place or reactive actions to stop an attack attempt. Examples of recommendations you might see on the **Identity and access** resource security section of Azure Security Center include:
27
+
By monitoring identity activities, you can take proactive actions before an incident takes place, or reactive actions to stop an attack attempt. For example, Security Center might flag deprecated accounts (accounts that are no longer needed, and blocked from signing in by Azure Active Directory) for removal.
28
+
29
+
Examples of recommendations you might see on the **Identity and access** resource security section of Azure Security Center include:
28
30
29
31
- MFA should be enabled on accounts with owner permissions on your subscription
30
32
- A maximum of 3 owners should be designated for your subscription
31
-
- Deprecated accounts should be removed from your subscription
32
33
- External accounts with read permissions should be removed from your subscription
34
+
- Deprecated accounts should be removed from your subscription
33
35
34
-
For a full list of the recommendations you might see here, see [Identity and Access recommendations](recommendations-reference.md#recs-identity).
36
+
For more information about these recommendations as well as a full list of the recommendations you might see here, see [Identity and Access recommendations](recommendations-reference.md#recs-identity).
35
37
36
38
> [!NOTE]
37
39
> If your subscription has more than 600 accounts, Security Center is unable to run the Identity recommendations against your subscription. Recommendations that are not run are listed under "unavailable assessments" below.
@@ -51,7 +53,7 @@ All of the identity and access recommendations are available within two security
51
53
52
54
Enabling MFA requires [Azure Active Directory (AD) tenant permissions](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles).
53
55
54
-
- If you have a premium edition of AD, enable MFA using using [conditional access](https://docs.microsoft.com/azure/active-directory/conditional-access/overview).
56
+
- If you have a premium edition of AD, enable MFA using [conditional access](https://docs.microsoft.com/azure/active-directory/conditional-access/overview).
55
57
56
58
- Users of AD free edition can enable **security defaults** in Azure Active Directory as described in the [AD documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) but the Security Center recommendation to enable MFA will still appear.
0 commit comments