Microsoft Entra Admin Center: How to set it up safely (2024)

  • Team Unicorn
  • August 16, 2023

What rights can a normal user have in Microsoft Entra Admin Center? “As little as possible, as much as necessary” should be the motto, as in all other areas of IT administration. However, the default settings of the Microsoft Entra Admin Center do not adhere to this requirement. How could they? After all, they basically have to work for all users and do not know the individual circumstances of each company and organization. In this article we show to what extent the default settings of the Admin Center make life unnecessarily easy for intruders and how you can optimize them with one click.

If you would first like to find out more about Microsoft Entra, you can find all the fundamentals in our basics article “What is Microsoft Entra (formerly Azure)”, with lots of clear screenshots. You can find further articles on attacks and protection options here:

  • Protect Microsoft Entra Connect (Azure AD Connect) from hackers
  • This is how hackers exploit Azure App Registration

What is the Microsoft Entra Admin Center?

The Admin Center is a central platform where users can efficiently manage their cloud resources and services in the Microsoft Entra cloud. The dashboard allows users to easily create, configure, monitor, and manage their Azure resources.

Security risk of default settings: users have these permissions by default in the Entra Admin Center

By default, the permissions for users in Microsoft Entra are set according to a uniform scheme. Below we list some examples of what information a normal user can access with default settings in various areas.

Read access: users, groups, applications and organization

In the “Users” area, each user can view the list of all users by default:

All users also have read access to all public user and contact properties by default:

Groups and their properties can also be viewed by everyone:

The list of all registered apps can be viewed by all users:

In addition, all users can view information about the organization:

Invite guests

With the default settings, every user can invite external guests:

Register new applications in the Microsoft Entra Admin Center

By default, every user can register new apps:

Solution: Restriction for the Entra administration portal

Restricting the Azure AD management portal for normal users can be activated via the “User Settings”:

What does the “Restrict access to Azure AD management portal” slider do?

Selection “No”: Normal access to the management portal (set by default)

Selection "Yes": Prevents non-administrators from browsing the administration portal. This prevents non-administrators who act as group or application owners from using the Admin Center to manage their own resources.

Once a global administrator sets the slider to Yes, regular users will no longer be able to access the relevant information through the management portal.

DISCLAIMER:

Using the “Restrict access to Azure AD management portal” option is NOT a security measure in itself. It is simply a way to minimize damage in the event of an attack or careless use.

Access to Azure AD data via PowerShell, the Microsoft Graph API, or other clients such as Visual Studio is not restricted. As long as individual users are assigned a custom role (or any role), their access is not restricted.
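Because the portal switch leaves Graph and PowerShell access untouched, the default rights listed earlier (reading other users, inviting guests, registering apps) are controlled by the tenant's authorization policy, which Microsoft Graph returns from `GET /policies/authorizationPolicy`. The following Python check is an added example, not part of the original article: the sample document is constructed, and the function names `audit_authorization_policy` and `harden` are illustrative.

```python
import json

# Constructed sample in the shape of GET /v1.0/policies/authorizationPolicy,
# using the permissive values the article describes as defaults.
SAMPLE_POLICY = json.loads("""
{
  "id": "authorizationPolicy",
  "allowInvitesFrom": "everyone",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": true,
    "allowedToReadOtherUsers": true
  }
}
""")

# Invitation settings under which ordinary members cannot invite guests.
RESTRICTED_INVITERS = {"none", "adminsAndGuestInviters"}

# defaultUserRolePermissions flag -> what every member user may do when it is true.
MEMBER_FLAGS = {
    "allowedToReadOtherUsers": "read the properties of all other users",
    "allowedToCreateApps": "register new applications",
}

def audit_authorization_policy(policy):
    """Return (setting, finding) pairs for member defaults that are still permissive."""
    findings = []
    inviters = policy.get("allowInvitesFrom")
    if inviters not in RESTRICTED_INVITERS:
        who = inviters or "unknown (field missing)"
        findings.append(("allowInvitesFrom", f"guest invitations open to: {who}"))
    perms = policy.get("defaultUserRolePermissions") or {}
    for flag, meaning in MEMBER_FLAGS.items():
        value = perms.get(flag)
        if value is None:
            findings.append((flag, "not present in response, verify manually"))
        elif value:
            findings.append((flag, f"every member user can {meaning}"))
    return findings

def harden(policy):
    """Copy of the policy with the audited settings restricted, for comparison only.
    Assumption: the tenant tolerates these restrictions; test before applying them."""
    fixed = json.loads(json.dumps(policy))  # deep copy, the input stays untouched
    fixed["allowInvitesFrom"] = "adminsAndGuestInviters"
    fixed.setdefault("defaultUserRolePermissions", {}).update(dict.fromkeys(MEMBER_FLAGS, False))
    return fixed

if __name__ == "__main__":
    for setting, finding in audit_authorization_policy(SAMPLE_POLICY):
        print(f"[!] {setting}: {finding}")
    print("after hardening:", audit_authorization_policy(harden(SAMPLE_POLICY)))
```

To run it against a real tenant, save the Graph response to a file and pass the parsed JSON to `audit_authorization_policy`.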

Conclusion: One click for more control

If you leave the default settings in the Entra Admin Center unchanged, all basic users have numerous rights: they have read access to users, groups, applications, and the organization, can register new applications, and can invite external guests. This is usually not necessary and makes life unnecessarily easy for uninvited intruders. You should therefore restrict these rights as a global admin, unless there is something against it in your specific use case. You can do this in the user settings using the “Restrict access to management portal” option.
