undefined | Better HN

0 pointsheraldgeezer14d ago0 comments

"Principle of least privilege" as MS calls it.

Do not use global admin or admin account as daily driver for one. Dont save it in browser etc either.

Limit roles, even within the application, here Intune.

Office 365 also has conditional access and many policy leavers to tweak, many cases of people locking themselves OUT of 365. So the gates work but you need to configure them.

"Break glass" global admin accounts now also require MFA. https://learn.microsoft.com/en-us/entra/identity/authenticat...

0 comments

pixl9714d ago

At the end of the day someone needs remote wipers privs, and in a large company it's something done pretty often.

mulmen14d ago

Ok and who has access to the global admin and how resistant are they to Iranian operatives?

heraldgeezerOP14d ago

What are you asking?

For Stryker specifically? We don't and probably won't know details.

For companies in general? Background checks, security clearance etc are done if the company determines this necessary and are willing to pay for the process and higher salary.

mulmen14d ago

I’m asking if it’s possible to secure the MDM process in a way that Iranian operatives can’t simply torture an administrator into pushing the big red MDM button.

1 more reply

j / k navigate · click thread line to collapse

0 pointsheraldgeezer14d ago0 comments

"Principle of least privilege" as MS calls it.

Do not use global admin or admin account as daily driver for one. Dont save it in browser etc either.

Limit roles, even within the application, here Intune.

Office 365 also has conditional access and many policy leavers to tweak, many cases of people locking themselves OUT of 365. So the gates work but you need to configure them.

"Break glass" global admin accounts now also require MFA. https://learn.microsoft.com/en-us/entra/identity/authenticat...

0 comments

pixl9714d ago

At the end of the day someone needs remote wipers privs, and in a large company it's something done pretty often.

mulmen14d ago

Ok and who has access to the global admin and how resistant are they to Iranian operatives?

heraldgeezerOP14d ago

What are you asking?

For Stryker specifically? We don't and probably won't know details.

For companies in general? Background checks, security clearance etc are done if the company determines this necessary and are willing to pay for the process and higher salary.

mulmen14d ago

I’m asking if it’s possible to secure the MDM process in a way that Iranian operatives can’t simply torture an administrator into pushing the big red MDM button.

1 more reply

j / k navigate · click thread line to collapse