Review and update Entra ID core settings (2023)


  • Setup "Company branding"
  • Review all "User accounts" to ensure all are needed and authentication is off for accounts that do not need interactive sign-in
  • Check "User settings" such as "Users can register applications"
  • Check "Group settings" such as “Enable expiration for these Microsoft 365 groups”
  • Check "Device settings" such as “Users may join devices to Azure AD”
  • Check "Enterprise state roaming" settings such as “Users may sync settings and app data across devices”
  • Review "Enterprise applications"
  • Check "Enterprise applications consent and permissions settings" including setting up the Admin application review and approval process
  • Review "App registrations"
  • Check "Conditional access" including settings such as "Require phishing-resistant multifactor authentication for admins", "Securing security info registration" and "Block legacy authentication"
  • Check "Authentication methods" including migration to the converged "SSPR and authentication methods policy", setup of "Temporary Access Pass" and "Microsoft Authenticator", "Registration campaign" and "Password protection"
  • Review "User registration details" to ensure all users are capable of MFA and SSPR and resolve any issues
  • Review "Self service password reset (SSPR)"
  • Ensure good passwords are in use for all users