Read Krebs on Security latest article Tricky Phish Angles for Persistence, Not Passwords and it sparked me to review my Office 365 security parameters.
The review of my Office 365 and Azure details took me to various articles and notes:
- Identity and device access configurations
- Five steps to securing your identity infrastructure
- Enforce Azure AD password protection for Windows Server Active Directory
- Self Service Password Reset with on-premises writeback in Microsoft 365 Business
- How-to: Configure password writeback
There is quite a bit of content here and the “Five steps…” link is the best one to start out with.
Need to take some time and review docs for Azure Advanced Threat Protection, Azure AD password protection, and Self Service Password Reset.