072: Enforce authentication with strong creds for all privileged accounts
Overview
Rollout strong authentication methods for all privileged accounts and enforce the authentication using those methods. Leverage Conditional Access and the authentication strengths feature to target administrators with admin-specific Conditional Access policies. The following controls are recommended for administrators:
- Require phishing-resistant credentials
- Windows Hello for Business
- FIDO security keys
- Certificate Based Authentication
- Limit session lifetime to a certain number of hours
- Require the use of a compliant device