• Enable single sign-on to applications
• Enable Risk-based Conditional Access
• Enforce BYOD MDM enrollment
• Set up Conditional Access to enforce MFA
• Enable Identity Protection
• Proactively manage updates, patching, policies and monitor device health
• Register devices and remotely provision and deploy new devices
• Enforce cloud-only dedicated cloud administration accounts
• Enable endpoint detection and response with Microsoft Defender for Endpoint

• Connect on-premises infrastructure to cloud
• Deploy Azure virtual desktops SAW and restrict server management with Azure Arc DSC for hybrid micro-segmentation
• Control session with MCAS app protection
• Every workload is assigned an app identity
• Protect workloads with Azure Defender
• Establish and monitor micro-perimeters with landing zones and Azure Firewall
• Enable network and infrastructure anomaly detection with Azure Sentinel
• Enforce additional micro-segmentation with Azure Policy and Network Security Groups/Application Security Groups
• Monitor cloud security posture with ASC

• Use Azure AD SSO for cloud apps
• Define sensitive data types and enable automated labeling
• Enforce data and application access policies
• Use Azure AD App Proxy to enable access to on-premises web apps
• Enable Information Protection policies
• Monitor aggregate sensitive data flows
• Utilize Information Protection ML classifiers for custom detections