External Azure tenant security risks

Vince Dra 1 Reputation point
2022-04-08T13:44:37.547+00:00

Hello,

Can anyone tell me what are the risks of a company (owning a separate Azure tenant), reaching an external Azure tenant with a browser ?
The external Azure tenant hosts a business application, provided by a software publisher.

The accounts from the company are not shared with the external tenant, so each AD are differents,. In fact, you have to use a MFA authentification with differents IDS and passwords, specific to the external tenants.

In my opinion, as long as the external tenant only allow to use a business application (no Outlook, One Drive, unsecure third party software....), then the risks of data leakage or malware riks are limited, no ?
Also, what are the main guidelines and security measures to mitigate this kind of situation ?

Thanks in advance

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,187 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 35,806 Reputation points Microsoft Employee
    2022-04-14T23:48:11.42+00:00

    Hi @VinceDra-8228,

    Can anyone tell me what are the risks of a company (owning a separate Azure tenant), reaching an external Azure tenant with a browser?

    If you are looking to grant external users access to specific applications, there are a number of security best practices you can put in place to ensure that your data is safe.

    Azure even has a guide for creating a security plan for external access. In order to secure your applications and users, you can group resources for access, create sign-in conditions for external users, implement RBAC to make sure that the right roles are applied for different users, and apply the right application and network security. Azure AD also has security defaults in place that require all users to register for MFA.

    If you're worried about security threats, you can employ Advanced Threat Protection to monitor and detect potential risks to your environment. And if you're concerned about browser malware, you can review the security options in the prevent malware infection article.

    If you provide more details about your specific concerns and intended setup, I will be happy to offer options for how to make sure that your environment is secure. But based on the setup you described I don't see any inherent red flags.

    Let me know if this helps and if there's any specific security concern about your environment that you would like to address.

    Thanks,

    Marilee

    -

    If this answer helped resolve your question, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

    0 comments No comments