Securing the Cloud: A Guide for Microsoft CSP Partners to Protect Themselves and Their Clients
As more and more businesses transition to the cloud, it's crucial for partners in the Microsoft Cloud Solution Provider (CSP) programme to prioritise security to safeguard themselves and their clients.
📝By following the security guidance in this article, you can take the necessary steps to ensure your tenants are secure.
✅Firstly, add a security contact for security-related issue notifications in your Partner Centre tenant. You should also check your identity secure score in Microsoft Azure Active Directory (Azure AD) and take the appropriate actions to raise your score.
✅Review and implement the guidance documented in managing nonpayment, fraud or misuse.
✅Require multifactor authentication for all users in your Partner Centre tenant and your customer tenants.
✅There are various ways to configure MFA, so choose the method that applies to the tenant you're configuring.
❗✅If your customer refuses to use MFA, don't provide them with any administrator role access to Azure AD or write permissions to Azure Subscriptions.
✅Another best practice is to adopt the Secure Application Model framework for any application that uses the app and user authentication model.
✅Disable user consent in Partner Centre Azure AD tenants or use the admin consent workflow.
✅Users who have Azure AD administrative roles, such as Global admin or Security admin, shouldn't regularly use those accounts for email and collaboration. Instead, create a separate user account with no Azure AD administrative roles for collaboration tasks.
✅For privileged users who have customer access, it's recommended to use SEPARATE, dedicated user accounts for Partner Centre.
❗✅AVOID hosting your Partner Centre instance in the same Azure AD tenant that hosts your internal IT services, such as email and collaboration tools. Only allow Partner Centre and customer tenant access from registered, healthy workstations that have managed security baselines and are monitored for security risks.
✅Monitor and audit your Partner Centre APIs, as well as sign-in activity, to detect anomalous activity. You can analyse activity logs using Azure Monitor logs and Azure AD audits.
✅Partners should regularly review and verify password recovery email addresses and phone numbers within Azure AD for all users with the Global admin role and update them if necessary.
❗✅ALWAYS remember to prioritise customer security and regularly review and address any risks detected in your environment.
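As an added illustration (not from the Microsoft guidance or the original post), the sign-in monitoring step can be turned into a check that flags successful Partner Centre sign-ins without MFA or from unmanaged or unhealthy devices, and admin accounts signing in to email. The records are constructed; the app display names and the admin account list are assumptions to replace with values from your own tenant.

```python
import json
# Constructed sample data shaped like Azure AD sign-in log records. Field names
# follow the Microsoft Graph signIn resource; every value is invented.
SAMPLE_SIGNINS = json.loads("""[
{"createdDateTime":"2023-03-01T08:02:11Z","userPrincipalName":"pc-admin@partner.example",
 "appDisplayName":"Partner Center","authenticationRequirement":"multiFactorAuthentication",
 "deviceDetail":{"isManaged":true,"isCompliant":true},"status":{"errorCode":0}},
{"createdDateTime":"2023-03-01T23:41:07Z","userPrincipalName":"pc-admin@partner.example",
 "appDisplayName":"Partner Center","authenticationRequirement":"singleFactorAuthentication",
 "deviceDetail":{"isManaged":false,"isCompliant":false},"status":{"errorCode":0}},
{"createdDateTime":"2023-03-02T09:15:30Z","userPrincipalName":"ga@partner.example",
 "appDisplayName":"Office 365 Exchange Online","authenticationRequirement":"multiFactorAuthentication",
 "deviceDetail":{"isManaged":true,"isCompliant":true},"status":{"errorCode":0}},
{"createdDateTime":"2023-03-02T10:00:00Z","userPrincipalName":"sales@partner.example",
 "appDisplayName":"Partner Center","authenticationRequirement":"singleFactorAuthentication",
 "deviceDetail":{},"status":{"errorCode":50126}}
]""")

PARTNER_APPS = {"Partner Center"}  # assumption: display name seen in your logs
MAIL_APPS = {"Office 365 Exchange Online"}  # assumption: apps counted as email
ADMIN_UPNS = {"ga@partner.example"}  # hypothetical accounts holding Azure AD admin roles

def review_signin(rec):
    """Return checklist violations for one sign-in record (empty list = clean)."""
    if rec.get("status", {}).get("errorCode") != 0:
        return []  # only successful sign-ins grant access
    app, findings = rec.get("appDisplayName"), []
    if app in PARTNER_APPS:
        # authenticationRequirement records what the sign-in was required to satisfy.
        if rec.get("authenticationRequirement") != "multiFactorAuthentication":
            findings.append("no-mfa")
        device = rec.get("deviceDetail") or {}
        # Fail closed: a missing flag is treated as an unmanaged or unhealthy device.
        if not device.get("isManaged"):
            findings.append("unmanaged-device")
        if not device.get("isCompliant"):
            findings.append("non-compliant-device")
    if app in MAIL_APPS and rec.get("userPrincipalName") in ADMIN_UPNS:
        findings.append("admin-account-used-for-mail")
    return findings

def audit(records):
    """Group findings by user so each account can be followed up."""
    report = {}
    for rec in records:
        findings = review_signin(rec)
        if findings:
            report.setdefault(rec["userPrincipalName"], []).append((rec["createdDateTime"], findings))
    return report
```

Calling `audit(SAMPLE_SIGNINS)` returns a per-user list of timestamps and findings; the same function works on records exported from your own sign-in logs once the three sets at the top are adjusted.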
Want to learn more? 💡 🔗MS Docs: https://lnkd.in/eUjPAudK 🔗Security Sentinel blog: https://secsentinel.com