Microsoft Security Report

on Logicom Cloud Marketplace
Logicom Cloud Marketplace Security Microsoft Security Report
on Logicom Cloud Marketplace

Introduction

A new intuitive report, that provides our Resellers detailed information on privileged accounts Multi-Factor Authentication (MFA) status for all customer Microsoft tenants that are using Azure Plan in Logicom Cloud Marketplace, in order to take action to have maximum MFA protection.


Requiring MFA for all privileged accounts makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data is open to attack.


The report is available in Logicom Cloud Marketplace under:
Reporting -> Sales -> Microsoft Security Report

Benefit to the Reseller

The Microsoft Security Report helps Resellers to:

  • Objectively measure Customers’ privileged accounts status in terms of MFA enablement.
  • Plan MFA improvements for Privileged users.
  • Review the success of the improvements.

Understand the Report

A “Privileged Account MFA %” score of 100% is given only when MFA is configured based on Microsoft recommendations. If only a subset of the total Privileged number of Privileged users are MFA protected, then a partial score is given. Below are some additional elements of the report:

  • SecureScoreAdminMFAin%
    Average percentage of MFA configured on privileged accounts across all tenants.

  • FLOP Customers by MFA Score%
    Customers with lowest MFA percentage.

  • UserQty
    Total number of Privileged accounts in the tenant reported by Microsoft.

  • IsCompliant
    Tenant MFA compliance status.

  • Security Defaults
    If Security Defaults has been enabled for the tenant, then it is considered as Compliant regardless of any other status shown.

Compliance Status

Status
is compliant
  • Explanation: All customer privileged accounts have MFA enabled. If there is a policy for up to two break-glass accounts, the report considers it as compliant. Otherwise, it is expected that all (100%) privileged accounts must have MFA enabled.
  • Action Needed: In case of no break glass account policy, ensure that ALL customer privilege accounts have MFA enabled.
Status
not compliant
  • Explanation: Customer’s privileged users are not fulfilling the compliance requirement above.
  • Action Needed: Enable MFA for all privilege users, unless there is a policy requiring up to two break-glass accounts.
Status
can’t verify
  • Explanation: It means that no detailed information was returned during the report generation. This can most likely occur either there is no DAP granted or there is a Conditional Access policy in place preventing access to that tenant.
  • Action Needed: Request assistance from Logicom Cloud Customer Care team to resolve the issue and re-establish necessary access

Use the Report & Implement Security Improvement Actions

The Microsoft Security Report in Logicom Cloud Marketplace includes all the information that each reseller needs to measure customers’ privileged accounts status in terms of MFA enablement and immediately plan MFA improvements. The report is updated at least three times a week to ensure that data is as current as possible.

More specifically this information can be easily accessed by the reseller as below:

  1. Primary Check: For any account that is marked as “not compliant” in the customer’s list, the reseller needs to check how many privileged accounts are not MFA enabled (MFA_User_Difference) and work with the customer to enable MFA accordingly to become “compliant”. See example below:



    As per Microsoft’s recommendations, if the company policy requests so, two emergency break-glass accounts can be excluded from MFA. So, if 3/5 have MFA enabled it is considered compliant.

    If no emergency break-glass accounts are required, then all privileged user accounts must have MFA enabled. So, for a company that has a privileged user quantity (UsersQty) of 5, all 5 must have MFA enabled regardless if the report will show the company as compliant with 3/5 (due to break-glass option)

  2. Secondary Check: Check if their account has Security Defaults enabled. If Security Defaults is enabled, then no further action is required as all privileged users have MFA or will have MFA enabled during their next login. To check Security Defaults in the report simply select “True” under “Security Defaults Enabled” dropdown:

Additional Resources