
Check for these settings on AdminCenter – https://admin.microsoft.com
- CoPilot Agents for everybody (like Enterprise apps restricted, but still…)
Settings – Integrated Apps – Available Apps – click on the gear sign on the right – Self-service trials and purchases (had this disabled, so please don't add new stuff as available by default – maybe add a switch so I can set my default?)
Settings – Org Settings – Self-service… (re-check bi-monthly to be safe) – not really new, but WHYYYYY?
Spamming users by default with "Microsoft communication to users" – desensitized much to phishing?
Settings – Org Settings – Microsoft communication to users

Check for these settings on Entra ID – https://entra.microsoft.com
- Creating new tenants
Users – User settings – Restrict non-admin users from creating tenants – set to NO?!? – LIKE every other switch here, non-secure by default
- Adding Global administrator role to local admin
Yeah, go ahead – never heard of Mimikatz – please, never ever log in with a Global Admin on a client, that's like driving to LIDL/ALDI with your Lamborghini for grocery shopping – use LAPS instead
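As an added example (not part of the original post, and not Microsoft's or anyone's official tooling), here is a read-only PowerShell check for the two Entra settings in the list above plus the self-service purchase setting from the admin center list, using the Microsoft Graph PowerShell SDK and the MSCommerce module. The `authorizationPolicy` property names come from the v1.0 Graph resource; the `azureADJoin.localAdmins.enableGlobalAdmins` path on the beta `deviceRegistrationPolicy` resource is an assumption and should be verified against the current Graph docs. Nothing is changed; it only reports what is still at the insecure default.

```powershell
# Added example, not part of the original post. Read-only checks for:
#   1. Entra: "Restrict non-admin users from creating tenants"
#   2. Entra: "Global administrator role is added as local administrator on the device"
#   3. Admin center: self-service trials and purchases (MSCommerce module)
# Requires: Install-Module Microsoft.Graph.Authentication, MSCommerce
# Graph permission: Policy.Read.All (read-only). MSCommerce needs a Global or Billing admin.

Connect-MgGraph -Scopes 'Policy.Read.All' -NoWelcome

$findings = @()

# --- 1. Tenant creation by non-admins (v1.0 authorizationPolicy) ---
$authz = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'
$perms = $authz.defaultUserRolePermissions
if ($perms.allowedToCreateTenants -ne $false) {
    $findings += 'Non-admin users may create tenants (allowedToCreateTenants is true). Set "Restrict non-admin users from creating tenants" to Yes.'
}
# Same family of default: everyone may register applications
if ($perms.allowedToCreateApps -ne $false) {
    $findings += 'Non-admin users may register applications (allowedToCreateApps is true).'
}

# --- 2. Global Admins as local admins on Entra-joined devices (beta deviceRegistrationPolicy) ---
# ASSUMED property path; verify against the current Graph docs for deviceRegistrationPolicy.
$devReg = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy'
$localAdmins = $devReg.azureADJoin.localAdmins
if ($null -eq $localAdmins) {
    $findings += 'Could not read azureADJoin.localAdmins from deviceRegistrationPolicy; check the setting manually in Entra.'
} elseif ($localAdmins.enableGlobalAdmins -ne $false) {
    $findings += 'Global Administrators are local admins on Entra-joined devices (enableGlobalAdmins is true). Turn this off and use LAPS.'
}

# --- 3. Self-service purchases and trials (MSCommerce) ---
if (Get-Module -ListAvailable -Name MSCommerce) {
    Import-Module MSCommerce
    Connect-MSCommerce   # interactive sign-in
    $enabled = Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase |
        Where-Object { $_.PolicyValue -eq 'Enabled' }
    foreach ($p in $enabled) {
        $findings += "Self-service purchase is enabled for product '$($p.ProductName)' ($($p.ProductId))."
    }
} else {
    $findings += 'MSCommerce module not installed; check Self-service trials and purchases manually in the admin center.'
}

# --- Report ---
if ($findings.Count -eq 0) {
    Write-Host 'No insecure defaults found for the checked settings.' -ForegroundColor Green
} else {
    Write-Host "$($findings.Count) finding(s):" -ForegroundColor Yellow
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

Run it from a scheduled job or as part of the periodic tenant review mentioned further down; because the MSCommerce product list changes as Microsoft adds new self-service products, re-running it is exactly what catches the "new stuff added as available by default" problem.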

Can't understand why Microsoft decides to put stuff out there this way.
It isn't just money; money is not a factor for the Global Admin as Local Admin switch. What is it then?
I HAVE NO CLUE – can somebody help me – DM me please.
On the other hand, like a barber, as an MSP we don't complain about additional work – but usually not when it comes with serious security risks and governance issues.
What can we do as MSP or direct customers ?
Just keep on your toes, check and re-check regularly and maybe register for newsletters like the one from Merill Fernando on https://entra.news/.
Get in contact with your MSP to implement a strategy for periodically checking your tenant for soft spots.
Remember: when you've done this just last year, it's now time to do it again (a lot of stuff changed and came in red hot).