Rules to Better Security

• Do you choose the best authentication method for every situation?
• Security - Do you protect your Remote Desktop connections with Multi Factor Authentication (MFA)?
• Do you use an NFC Secure Access System for building access?
• Does your team understand the dangers of social engineering?
• Do you follow Security Checklists?
• Do you use Conditional Access policies?
• Do you use Microsoft Defender XDR?
• Do you use Entra Access Packages to give access to resources?
• Do you integrate SCIM for Identity Management?
• Do you use Microsoft Intune?
• Do you have an open policy for assisting with personal data breaches?
• [DEPRECATED] Do you use built in authentication from MS?
• Do you use Automatic Key management with Duende IdentityServer?
• Do you have a security@ email account?
• Do you disable insecure protocols?
• Passwords - Do you use a password manager?
• Passwords - Do you know how to securely share your passwords?
• Do you run services on their own AD accounts?
• Do you block credential dumping from lsass.exe?
• Do you stay safe against the OWASP Top 10?
• Do you know how to choose an Enterprise Password Manager?
• Does your Enterprise password manager audit access data?
• Do you only transfer de-identified data?
• Do you have a Sign-in Risk Policy?
• Do you have a User Risk Policy?
• Do you know how to migrate an existing user store to an ExternalAuthProvider?
• Do you know how Modern Stateless Authentication works?
• Do you securely share sensitive information?
• Do you use an eye toggle to allow users to see their password when signing up
• Do you take Penetration Testing seriously?
• Do you use the right cybersecurity tools as a Sysadmin?
• Do you use the right cybersecurity tools when writing code?
• Do you know how to completely remove confidential information from a GitHub Issue?