Security best practice in Hybrid Azure AD Join computer?

EnterpriseArchitect 4,721 Reputation points
2023-03-24T00:00:47.5533333+00:00

After Configuring the Hybrid Azure AD Join using: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join

Could you provide some insight and best practices into how we can safeguard Azure AD Join computers from the internet so that they don't get compromised?

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,323 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,455 questions
Accepted answer
  1. Lu Dai-MSFT 28,346 Reputation points
    2023-03-24T01:32:47.2666667+00:00

    @EnterpriseArchitect Thanks for posting in our Q&A. From your description, did you mean that you want to make the device safety? If there is anything misunderstanding, feel free to let us know.

    From intune's point of view, endpoint security policy may achieve your requirements. Please refer to the following article:

    https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security

    Hope it will give you some ideas.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pavel yannara Mirochnitchenko 11,711 Reputation points
    2023-03-24T09:42:17.3433333+00:00
    • Apply Security Baselines for Windows, Defender and Edge.
    • Onboard devices to M365 Defender monitoring system and review additional security recommendations.
    • Apply ASR Rules.
    • Follow that your computer updates themselves, I suggest apply also expedite update policy for this to build quick and easy reporting system.
    • Bitlocker
    • No admins for users
    1 person found this answer helpful.
  2. EnterpriseArchitect 4,721 Reputation points
    2023-03-24T23:12:41.55+00:00

    Thank you for the reply people,

    is there any way to secure the Hybrid Azure AD join based on the specific criteria ?

    how to limit the join to prevent abuse and attack ?

    0 comments