Project 3: User Management and Authentication Part 1: Create

Part 1: Create Groups

Step 1: Log in to your portal with your user id (e.g. [email protected]) from and click on Azure Active Directory, click on Groups, and click New group.

Create a Security group called KCoder_Admin_CurrentDate as a Group Name (replace CurrentDate with CurrentMonthandYear e.g. KCoder_Admin_). For Group description add Group to Manage M365 Portal. Add Michael Pattison as a member.

Create a Security group called KCoder_Support_CurrentDate as a Group Name (replace CurrentDate with CurrentMonthandYear e.g. KCoder_Support_). For Group description add Group to Support M365 Portal. Add Susan Pandya as a member.

Take a screenshot of the Groups Blade showing both security groups. Copy the screenshot to Part 1 Step 1 of the submission document.

Part 2: Manage Role-Based Access Control (RBAC) Roles

Step 1: Go to Azure Active Directory and click on Roles and administrators.

Click on Helpdesk administrator and click Add assignments. Add Michael Pattison's account to the Helpdesk administrator group. Copy the screenshot to Part 2 Step 1 of the submission document.

Step 2: Using the above steps, add Susan Pandya to the Global Administrator group. Copy the screenshot to Part 2 Step 1 of the submission document.

Part 3: Examine User Sign-ins

From the Azure Active Directory Admin Center, go to Sign-Ins and provide a screenshot of the user sign-in for the last 7 days. Copy the screenshot to Part 3 of the submission document.

Part 4: Azure Active Directory Password Reset

Click on Azure Active Directory on the blade and go to Password reset.

Step 1: From the Password reset Properties blade, add the KCoder_Support_CurrentDate group. Be sure to save the settings. Copy the screenshot to Part 4 Step 1 of the submission document. Examine the Authentication Methods, Registration, Notifications, and Customizations.

Part 5: Azure AD Banned Passwords

From Azure Active Directory, click on Security, then click on Authentication methods under Manage.

Step 1: Click on Password protection and enter the following information: Lockout threshold: 5; Lockout duration in seconds: 120; Enforce custom list: Yes. Enter at least 10 passwords in the Custom banned password list. Save and take a screenshot. Copy the screenshot in Part 5 Step 1 of the submission document.

Part 6: Authentication

Discuss in a few paragraphs the differences between basic authentication and modern authentication in the context of a Microsoft 365 tenant. What authentication method should KCoder implement and why?

Paper For Above Instructions

User management and authentication in cloud environments are crucial for maintaining security and ensuring that users have appropriate access to resources. The procedures outlined in this project are essential components for establishing a robust user management system, specifically within Microsoft Azure Active Directory (Azure AD). This paper aims to detail the effective management and organization of users through the creation of groups, the application of Role-Based Access Control (RBAC), examination of user sign-ins, and the establishment of security protocols, including password resets and banned passwords, as well as exploring authentication methods.

Part 1: Group Creation

The initial step involves logging into the Azure portal and navigating to the Azure Active Directory. In this portal, the creation of security groups is a fundamental task. Two security groups will be established: 'KCoder_Admin_CurrentDate' to manage the M365 portal, and 'KCoder_Support_CurrentDate' designated for support operations. The precise naming conventions not only promote organizational clarity but also prevent overlap in user roles. Members Michael Pattison and Susan Pandya will be added to the respective groups, aligning them with their designated responsibilities within the organization.

Once the groups are created, taking a screenshot of the Groups Blade displaying these groups serves as documentation to confirm the successful allocation of users into their roles. This step is pivotal in illustrating the intended structure of user management within the Azure AD environment.

Part 2: Managing RBAC Roles

Role-Based Access Control is a cornerstone for securely managing access to resources in Azure AD. The 'Helpdesk administrator' role will be assigned to Michael Pattison, enhancing his capabilities in assisting users while ensuring that his access is limited to relevant administrative tasks. Subsequently, Susan Pandya, as a member of the support group, will be added to the 'Global Administrator' role. This level of access is critical for performing comprehensive administrative duties across the Azure environment.

Documenting these roles and their assignments through screenshots is essential for audit purposes, allowing for a review of who has access to what resources and maintaining the integrity of role assignments.

Part 3: User Sign-ins Examination

Analyzing user sign-ins provides invaluable insights into user activity and potential security concerns. The Azure AD Admin Center’s 'Sign-Ins' section allows administrators to observe user login activity over the past week, enabling the identification of any unusual sign-in attempts or patterns that may indicate security threats. A screenshot of this data supports transparency and accountability in user access management.

Part 4: Azure AD Password Reset Configuration

The configuration of self-service password reset capabilities is another crucial aspect of user management. By adding the 'KCoder_Support_CurrentDate' group to the Azure AD password reset properties, users within this group can manage their passwords independently, reducing the administrative burden and expediting issue resolution for users. Taking a screenshot at this stage confirms the completion of this setup and the application of several security options, including Authentication Methods, Registration, Notifications, and Customizations.

Part 5: Implementing Banned Passwords

To further enhance security measures, the implementation of banned passwords prevents users from selecting weak or commonly used passwords. This involves setting a lockout threshold and duration, as well as creating a custom list of at least 10 banned passwords to improve password strength across the organization. A screenshot documenting this configuration demonstrates the organization's commitment to maintaining a secure authentication environment.
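The custom banned list matches more than exact strings, which is why its entries should be base words rather than every variant. The added example below (not part of the original paper, and not Microsoft's code) is a simplified model of the normalization and point scoring that Microsoft documents for Azure AD Password Protection; fuzzy edit-distance matching and the global banned list are omitted, and the banned terms are constructed samples.

```python
# Character substitutions applied before matching (simplified model, assumption).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})

# Constructed sample of custom banned terms (a real list would hold at least 10).
CUSTOM_BANNED = ["kcoder", "password", "welcome"]


def normalize(password):
    """Lowercase the password and undo common leetspeak substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def score(password, banned=CUSTOM_BANNED):
    """One point per banned term found, plus one point per remaining character."""
    rest = normalize(password)
    points = 0
    # Match longer terms first so a short term cannot split a longer one.
    for term in sorted((normalize(b) for b in banned), key=len, reverse=True):
        while term in rest:
            # Replace with a marker so neighbouring characters do not join up.
            rest = rest.replace(term, "\x00", 1)
            points += 1
    return points + sum(1 for ch in rest if ch != "\x00")


def is_accepted(password, banned=CUSTOM_BANNED, minimum=5):
    """Accept only passwords that reach the minimum score."""
    return score(password, banned) >= minimum


if __name__ == "__main__":
    for candidate in ["KC0der$1", "P@ssw0rdKCoder1", "KC0der2024",
                      "correct-horse-battery"]:
        print(candidate, score(candidate), is_accepted(candidate))
```

In this model a banned term followed by four other characters still reaches the minimum score, so the banned list complements a length and complexity policy and does not replace it.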

Part 6: Basic vs. Modern Authentication

In the context of Microsoft 365, the differences between basic and modern authentication are significant. Basic authentication relies on usernames and passwords for access, lacking the capability for multifactor authentication (MFA), which reduces security significantly. In contrast, modern authentication supports a range of methods including MFA, OAuth, and conditional access policies, offering a flexible and more secure framework for user access.

KCoder should implement modern authentication due to its enhanced security features, which address vulnerabilities present in basic authentication. Adopting modern authentication aligns with best practices and reinforces the organization’s security posture against evolving cyber threats.
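The sign-in review from Part 3 is also where remaining basic authentication shows up in practice. The added example below (not part of the original paper) scans constructed sign-in records for legacy-protocol clients and for bursts of failures at the Part 5 lockout threshold. The field names follow the sign-in log's `userPrincipalName`, `createdDateTime` and `clientAppUsed`, with the status error code flattened to `errorCode`; the users and timestamps are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# clientAppUsed values the sign-in log shows for legacy (basic authentication)
# protocols; a subset chosen for this example.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP",
                  "Exchange ActiveSync", "Other clients"}
LOCKOUT_THRESHOLD = 5             # Part 5 setting
WINDOW = timedelta(seconds=120)   # Part 5 lockout duration, reused as the burst window (assumption)


def _rec(upn, ts, app, code):
    return {"userPrincipalName": upn, "createdDateTime": ts,
            "clientAppUsed": app, "errorCode": code}


# Constructed sample records (not real tenant data). errorCode 0 is success,
# 50126 is an invalid username or password.
SIGN_INS = (
    [_rec("alice@example.com", f"2024-01-10T09:00:{s:02d}Z", "IMAP4", 50126)
     for s in range(0, 50, 10)]
    + [_rec("bob@example.com", "2024-01-10T10:00:00Z", "Browser", 0),
       _rec("bob@example.com", "2024-01-11T10:00:00Z", "Browser", 50126),
       _rec("carol@example.com", "2024-01-12T08:30:00Z", "POP3", 0)]
)


def review(sign_ins):
    """Return users seen on legacy protocols and users with failure bursts."""
    legacy = sorted({(r["userPrincipalName"], r["clientAppUsed"])
                     for r in sign_ins if r["clientAppUsed"] in LEGACY_CLIENTS})
    failures = defaultdict(list)
    for r in sign_ins:
        if r["errorCode"] != 0:
            when = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            failures[r["userPrincipalName"]].append(when)
    bursts = []
    for upn, times in failures.items():
        times.sort()
        # Slide a window covering LOCKOUT_THRESHOLD consecutive failures.
        for i in range(len(times) - LOCKOUT_THRESHOLD + 1):
            if times[i + LOCKOUT_THRESHOLD - 1] - times[i] <= WINDOW:
                bursts.append(upn)
                break
    return {"legacy_auth": legacy, "failure_bursts": sorted(bursts)}


if __name__ == "__main__":
    print(review(SIGN_INS))
```

Accounts listed under `legacy_auth` are the ones that would break, or be protected, when basic authentication is blocked, so they are worth migrating before the change.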
