Microsoft Entra Admin Center: How to set it up safely (2024)

  • Team Unicorn
  • August 16, 2023

What rights can a normal user have in the Microsoft Entra Admin Center? “As little as possible, as much as necessary” should be the motto, as in all other areas of IT administration. However, the default settings of the Microsoft Entra Admin Center do not adhere to this requirement. That is understandable: after all, they have to work for all users and cannot know the individual circumstances of each company and organization. In this article we show to what extent the default settings of the Admin Center make life unnecessarily easy for intruders and how you can optimize them with one click.

If you would like to first find out more about Microsoft Entra, you can find all the basics in our basics article What is Microsoft Entra (formerly Azure) with lots of clear screenshots. You can find further articles on attacks and protection options here:

  • Protect Microsoft Entra Connect (Azure AD Connect) from hackers
  • This is how hackers exploit Azure App Registration


What is the Microsoft Entra Admin Center?

The Admin Center is a central platform where users can efficiently manage their cloud resources and services in the Microsoft Entra cloud. The dashboard allows users to easily create, configure, monitor, and manage their Azure resources.

Security risk of default settings: users have these permissions by default in the Entra Admin Center

By default, the permissions for users in Microsoft Entra are set according to a uniform scheme. Below we list some examples of what information a normal user can access with default settings in various areas.

Read access: users, groups, applications and organization

In the “Users” area, each user can view the list of all users by default:

All users also have read access to all public user and contact properties by default:

Groups and their properties can also be viewed by everyone:

The list of all registered apps can be viewed by all users:

In addition, all users can view information about the organization:

Invite guests

With the default settings, every user can invite external guests:

Register new applications in the Microsoft Entra Admin Center

By default, every user can register new apps:

Solution: Restriction for the Entra administration portal

Restricting the Azure AD management portal for normal users can be activated via the “User Settings”:

What does the “Restrict access to Azure AD management portal” slider do?

Selection “No”: Normal access to the management portal (set by default)

Selection “Yes”: Prevents non-administrators from browsing the administration portal. This prevents non-administrators who act as group or application owners from using the Admin Center to manage their own resources.

Once a global administrator sets the slider to Yes, regular users will no longer be able to access the relevant information through the management portal.

DISCLAIMER:

Using the “Restrict access to Azure AD management portal” option poses NO challenges in itself. It is simply a way to minimize damage in the event of an attack or careless use.

Access to Azure AD data via PowerShell, the Microsoft Graph API, or other clients such as Visual Studio is not restricted. As long as individual users are assigned a custom role (or any role), their access is not restricted.
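Because Graph access is unaffected by the portal switch, the default permissions listed above can be checked directly in the tenant's authorization policy. The following is an added example, not part of the original article: it audits a document shaped like the Microsoft Graph `authorizationPolicy` resource. The two sample policies are constructed, and the function name `audit_authorization_policy` is an assumption of this example.

```python
import json

# Constructed samples shaped like the Microsoft Graph authorizationPolicy
# resource (GET /policies/authorizationPolicy); not taken from a real tenant.
DEFAULT_POLICY = json.loads("""{
  "allowInvitesFrom": "everyone",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": true,
    "allowedToReadOtherUsers": true
  }
}""")
HARDENED_POLICY = json.loads("""{
  "allowInvitesFrom": "adminsAndGuestInviters",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": false,
    "allowedToReadOtherUsers": false
  }
}""")

# allowInvitesFrom values under which ordinary users may invite guests.
OPEN_INVITE_VALUES = {"everyone", "adminsGuestInvitersAndAllMembers"}
# Default-user flag -> the default behaviour the article describes.
FLAG_MEANING = {
    "allowedToCreateApps": "every user can register new apps",
    "allowedToReadOtherUsers": "every user can read other users",
}

def audit_authorization_policy(policy):
    """Return (setting, finding) pairs for permissive or unverifiable settings."""
    findings = []
    invites = policy.get("allowInvitesFrom")
    if invites is None:
        findings.append(("allowInvitesFrom", "not present, cannot verify"))
    elif invites in OPEN_INVITE_VALUES:
        findings.append(("allowInvitesFrom", f"{invites}: users can invite external guests"))
    perms = policy.get("defaultUserRolePermissions") or {}
    for flag, meaning in FLAG_MEANING.items():
        value = perms.get(flag)
        if value is None:
            findings.append((flag, "not present, cannot verify"))
        elif value is True:
            findings.append((flag, meaning))
    return findings

if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_authorization_policy(policy) or "no permissive settings")
```

A missing field is reported rather than treated as safe, so a truncated or filtered policy response does not pass the audit silently.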

Conclusion: One click for more control

If you leave the default settings in the Entra Admin Center unchanged, all basic users have numerous rights: they have read access to users, groups, applications, and organizations, can register new applications, and can invite external guests. This is usually not necessary and makes life unnecessarily easy for uninvited intruders. You should therefore restrict these rights as a global admin, unless there is something against it in your specific use case. You can do this in the user settings using the “Restrict access to management portal” option.
