Let’s learn Entra ID Best Practices Monitoring Option for the Tenant. Let’s check how to ensure that you are following all the best practices of Entra ID, AKA Azure Active Directory (Entra ID). Conducting a comprehensive review and audit of your current configurations and settings is essential.
This article provides an overview of how you, as an administrator, can effectively utilize Azure AD (Entra ID) recommendations. As part of your responsibility, it is crucial to regularly review the recommendations specific to your tenant and its associated resources.
We have two separate Articles for the Entra Global Secure Access and Microsoft Entra ID and an overview of the video discussing the latest enhancements in Azure AD App Proxy and the premium version of Entra App Proxy.
The Entra Active Directory (aka Entra ID) recommendations feature helps monitor the status of your tenant. With Entra AD recommendations, you no longer need to scrutinize your tenant’s settings and configurations manually constantly. Instead, the feature analyzes your environment and offers tailored suggestions to address potential security risks, optimize performance, and streamline authentication processes.
- New Microsoft Entra Portal Walkthrough
- Create AVD Azure AD Dynamic Device Group using systemLabels Property
What are Entra ID Recommendations?
The Entra ID recommendations feature implements Azure Advisor, a personalized cloud consultant for optimizing Entra deployments. Azure Advisor analyzes resource configurations and usage data, offering valuable recommendations to improve Entra resources’ cost-effectiveness, performance, reliability, and security.
What are the Advantages of Entra ID Recommendation Feature?
The Entra AD recommendation feature offers several advantages that effectively benefit organizations in managing their Entra ID (Azure AD) environment. The following are the advantages of the Recommendation Feature.
1. Improve the state of your Entra tenant
2. Time and Cost Savings
3. Customized Improve the state of your Entra ID tenant
4. Customized Configurations
5. Suggests best practices for Entra-related features
Video Shorts – Entra ID Best Practices Monitoring Option for the Tenant
In this video short, the Entra ID best practices monitoring option for the tenant is introduced as an efficient solution for handling the complexities of managing settings and resources within your Entra ID environment. Keeping track of all these elements can be challenging, but with the Entra recommendations feature, you can offload this responsibility and rely on proactive monitoring.
Entra ID Best Practices Monitoring Option for the Tenant
To ensure your tenant has optimal configurations and all the best practices in place, a straightforward approach is available through the Entra admin center portal. Log in to the Entra admin center portal using your admin ID and password.
- Once in the Entra admin center, find and click on the “Identities” section.
- Click on overview Under the identities tab
- In the overview, you will be able to see a tab called Recommendation
- Entra ID recommendations identify personalized opportunities for you to implement Entra ID best practices.
- There will be a list of things you can optimize from your tenant’s perspective.
- There are 9 recommendations for Entra ID, and all 9 would not be available to your tenant.
- Only the applicable configurations will appear on the recommendation page.
|Last Update (UTC)||Recommendation||Release Type||Impacted Resource Type||Status||Last Updte (UTC)|
|Medium||Migrate Eligible Users from SMS and Voice Call to Microsoft Authenticator App for a Better MFA User Experience||Preview||Users||Completed||Feb 10, 2023, 12.51 AM|
Migrate Eligible Users from SMS and Voice Call to Microsoft Authenticator App for a Better MFA User Experience
One of the latest preview recommendations offered by Microsoft is to migrate users to the Microsoft Authenticator app for authentication purposes. This recommendation is called useAuthenticatorApp in the recommendations API in Microsoft Graph.
- It offers valuable insights and actionable guidance to encourage organizations to leverage the Microsoft Authenticator app as a preferred method for user authentication.
- By adopting this recommendation, organizations can support their security posture, as the app provides an additional layer of protection through Multi-Factor Authentication (MFA).
- Azure AD SSPR Self Service Password Reset Guide
- Export Azure AD Logs to Azure Monitor | Analyse the Logs using KQL Queries
How Entra ID Recommendations Work
The Entra ID recommendations feature operates through daily tenant configuration analysis. During this analysis, Entra ID compares the data of each recommendation with the actual settings and setup in your tenant. If a recommendation is deemed relevant and applicable to your specific tenant, it will be surfaced in the Recommendations section of the Entra ID Overview area.
- The recommendations are prioritized based on importance, allowing you to identify which areas require immediate attention quickly.
- Each recommendation includes a detailed description, highlighting the value of addressing the specific issue or improvement.
- Moreover, you will find a step-by-step action plan that guides you on effectively implementing the recommendation.
Recommendation Availability and License Requirements
The Entra ID recommendations feature offers a comprehensive set of insights for organizations, presenting a table with the recommendations available in either public preview or general availability. It’s important to note that the license requirements associated with these recommendations are subject to change.
The table includes essential details, such as impacted resources and links to relevant documentation.
Note! – Note: Entra ID only presents the recommendations that are relevant and applicable to your specific tenant. As a result, you may not see all the supported recommendations listed in the Entra ID recommendations feature.
|Recommendation||Impacted resources||Required license||Availability|
|Convert per-user MFA to Conditional Access MFA||Users||All licenses||Generally available|
|Migrate applications from AD FS to Azure AD||Applications||All licenses||Generally available|
|Migrate from ADAL to MSAL||Applications||All licenses||Generally available|
|Migrate to Microsoft Authenticator||Users||All licenses||Preview|
|Minimize MFA prompts from known devices||Users||All licenses||Generally available|
|Remove unused applications||Applications||Azure AD Premium P2||Preview|
|Remove unused credentials from applications||Applications||Azure AD Premium P2||Preview|
|Renew expiring application credentials||Applications||Azure AD Premium P2||Preview|
|Renew expiring service principal credentials||Applications||Azure AD Premium P2||Preview|
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.