Lock down your Office 365 Tenant MFA ASAP

Introduction to Office 365 security and hacker tactics today we're going to talk about something important it's essentially Office 365 security for your users if you manage or take care of any form of Office 365 tenant we're going to go over how to lock down the tenant real quick There's A New Concept that you can actually do we're finding that hackers will end up going into an user's account after they somehow provide their password email and their multiactor authentication code to the actual hacker and it could be that the hacker is proxying a page and causing the user to see that this looks like a Microsoft site but the user doesn't look at the actual uh link or the address in the address bar and so they type in the username the password and then Microsoft sends a six-digit code and then they give the six-digit code essentially to the hacker first thing the hacker usually does they don't have to obviously they can look around and check on things and start reading all your information which is horrible but at that point they usually go and register a brand new multiactor authentication method that could be another text cell phone code or another Microsoft authenticator we're going to go ahead Locking down MFA settings and user interaction with admins and lock that down so that the hackers can't do that and we will also work on showing you what the user will see and essentially by doing this the user will have to you know more than likely talk to an administrator when they get a new device but what we find is that there we manage a lot of users and it doesn't happen of confidence usually when a new hire is hired we'll punch in their cell phone number to the MFA portal to make sure that they get a text code or we'll just walk them through and show them how to use Microsoft authenticator get that set up and so it shouldn't really happen that often that a user is going to need that really it's going to be when let's say they buy a brand new cell phone or uh somehow which we don't see it often is change their phone number so we're going to get into it right now so now Setting up a demo tenant and logging into Office 365 admin portal here we're at the Office 365 login we went ahead and set up a demo tenant for you guys so you can see everything from A to Z for the setup for this account we're going to go ahead and log in with the admin credentials of The Office 365 portal we're also going to connect here with the multiactor authentication and then connect right in and the next step here is to go to the admin Center inside of The Office 365 portal here and as you can see we do have some test users loaded up in the system on the left side Navigating to Identity and creating a group to block MFA changes we're going to go to Identity which is the new entra portal here and once we get into here we're going to go ahead on the left side and click on groups and then we're going to go ahead and go to all groups as well as you can see now you'll see the whole list appear we're just going to Simply create a new group now you have the option to create this group on site if you do do active directory resynchronization but for this demo you know we're going to mention that you can do it either spot you just have to create the group and then sync it but we called it block MFA changes something simple like that go ahead and select all the users now you don't have to pick all your users we probably do recommend it though uh you want to probably be a little careful with picking administrative users I don't even believe that it would work for them but uh you probably just want to select any end user in the list and what we'll also do here is we're going to have to pick a user for our example but we will just get everyone in there we're going to go to the next section after this after we hit create now that we're in the groups we're done with it we're going to go to protection on the left side and then go to conditional access under that and here we're going to create a brand new policy that is going Creating a conditional access policy to block MFA changes to help us actually block the users from logging in and changing their MFA so we'll go ahead and name this something similar as well and for users we have to click it and then on the right side include certain users in groups and select it and then we're going to find the block MFA changes so just like you see in the picture that's what we have to do for Target resources we have to hit this drop- down box and go to user actions and then select register security information so our goal is to block the user from registering security information now as you can see here we are not actually doing anything else inside of the network section or the conditions section we're going to go ahead and leave that all alone so you can see here it's all untouched but there's some more granularity you can set up here uh it's a little tough to see but on the right side after we click on grants we're going to click block Testing the policy by removing and re-adding a user access and we're going to leave it as it is and then we're going to turn on the policy immediately now we've this is a test tenant so you could always do report only and see how the reports come out but this is uh pretty self-explanatory here and we're only affecting the people that are in that group and we can always remove people from that group which is what's nice about this is that if you really want the user to be able to go in we can just remove them from the group and then the user can go in and manage their own MFA as they see fit and then you can go ahead and read them so the key here is to make sure that all new users that you create and or any users that you remove are read addded into the group so here we're going to go back and triple check here and as you see this note here we're just writing out that this group could be coming from on site ad with ad sync uh and so anytime you make changes obviously you want to continue syncing them if you are doing them with on-site active directory but that's just a reminder there and now for this group to actually test this we have to go in now and remove we'll use the first user here Adele Vance we'll will go ahead and remove her from the group and it says it's successfully removed so now she's gone and then she'll be our good test person that we can use in a another quick session here to check and see what uh happens so now that she's removed from the group we expected that she should be able to log in and have access Logging in as a test user to verify the policy just fine to the actual portal as herself so here we're going to sign in as another user we're going to log in as her punch in her email address and password and then also do her own MFA confirmation and now that we're in the tenant we're going to go over to the top right and click her name and we're going to click on view account in the top right and this is how user would go in to change their MFA or a hacker would do that as well in this instance if they hijack the account so now you can also go to my account account. microsoft.com as well if you'd like to go directly to this location to test it out for yourself and so we'll click on update info under security we'll also select the account again and we'll confirm that yes we can get here it shows a cell phone number and password details they're all right here so we know that she is now out of the group and she's able to modify it so now we'll go ahead and read her to the group for our test and then you'll see now her name does appear obviously doing this as the admin account and now we're switching back to the tab of her account and we're going to just uh refresh this real quick and then we're going to go to the top right again to click on the user's name and then we're going to click on view account to test this one more time and then you'll notice here we'll click on update info under security info and we'll make sure that we're using her account and it looks like it's about to work but it fails so hopefully if a hacker comes in they'll see this page and they'll be stuck but obviously it's always a big concern that we want to make sure the hackers don't get in hopefully this helps you please don't forget to like subscribe and turn on notifications for additional videos like this and make sure to leave a comment below if you have any other tips or tricks that you like to do or recommend to others that you found as a good tip there's so many different things you can do but this is a really critical item that we recommend doing as soon as possible thanks