From 5aae48f1af3b30f6949761950f25221c90b42083 Mon Sep 17 00:00:00 2001 From: Bailey Bercik <12366470+baileybercik@users.noreply.github.com> Date: Tue, 12 Nov 2024 15:23:34 -0500 Subject: [PATCH 1/3] Update secure-generative-ai.md Adding as contributor --- docs/architecture/secure-generative-ai.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/secure-generative-ai.md b/docs/architecture/secure-generative-ai.md index 6d49b28465a..fea9137991b 100644 --- a/docs/architecture/secure-generative-ai.md +++ b/docs/architecture/secure-generative-ai.md @@ -7,7 +7,7 @@ manager: martinco ms.service: entra ms.subservice: architecture ms.topic: conceptual -ms.date: 11/08/2024 +ms.date: 11/12/2024 ms.reviewer: joflore #CustomerIntent: As an identity and security administrator, I want to mitigate security challenges that Generative AI (Gen AI) poses, so that I can ensure organizational security with Microsoft Entra. From 28526cec8ca8c1be972f0fc4266e5e861cefa14f Mon Sep 17 00:00:00 2001 From: John Flores Date: Tue, 12 Nov 2024 16:27:47 -0500 Subject: [PATCH 2/3] Update policy from include --- ...wto-conditional-access-session-lifetime.md | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md b/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md index 13e0b67ca18..a16f6b6ea65 100644 --- a/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md +++ b/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md 
@@ -64,18 +64,26 @@ To make sure that your policy works as expected, the recommended best practice i ### Policy 3: Sign-in frequency control every time risky user -1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](../role-based-access-control/permissions-reference.md#conditional-access-administrator). -1. Browse to **Protection** > **Conditional Access** > **Policies**. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](~/identity/role-based-access-control/permissions-reference.md#conditional-access-administrator). +1. Browse to **Protection** > **Conditional Access**. 1. Select **New policy**. 1. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies. 1. Under **Assignments**, select **Users or workload identities**. 1. Under **Include**, select **All users**. - 1. Under **Exclude**, select **Users and groups** and choose your organization's [emergency access or break-glass accounts](~/identity/role-based-access-control/security-emergency-access.md). + 1. Under **Exclude**, select **Users and groups** and choose your organization's emergency access or break-glass accounts. 1. Select **Done**. -1. Under **Target resources** > **Resources (formerly cloud apps)** > **Include**, select **All resources (formerly 'All cloud apps')**. -1. Under **Conditions** > **User risk**, set **Configure** to **Yes**. Under **Configure user risk levels needed for policy to be enforced** select **High**, then select **Done**. -1. Under **Access controls** > **Grant**, select **Grant access**, **Require password change**, and select **Select**. -1. Under **Session controls** > **Sign-in frequency**, select **Every time**. +1. Under **Cloud apps or actions** > **Include**, select **All resources (formerly 'All cloud apps')**. +1. 
Under **Conditions** > **User risk**, set **Configure** to **Yes**. + 1. Under **Configure user risk levels needed for policy to be enforced**, select **High**. [This guidance is based on Microsoft recommendations and might be different for each organization](../id-protection/howto-identity-protection-configure-risk-policies.md#choosing-acceptable-risk-levels) + 1. Select **Done**. +1. Under **Access controls** > **Grant**, select **Grant access**. + 1. Select **Require authentication strength**, then select the built-in **Multifactor authentication** authentication strength from the list. + 1. Select **Require password change**. + 1. Select **Select**. +1. Under **Session**. + 1. Select **Sign-in frequency**. + 1. Ensure **Every time** is selected. + 1. Select **Select**. 1. Confirm your settings and set **Enable policy** to **Report-only**. 1. Select **Create** to create to enable your policy. From 1c373852229c56f31d67841c3d0bb094ce7c4b46 Mon Sep 17 00:00:00 2001 From: John Flores Date: Tue, 12 Nov 2024 16:33:07 -0500 Subject: [PATCH 3/3] Update howto-conditional-access-session-lifetime.md --- .../howto-conditional-access-session-lifetime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md b/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md index a16f6b6ea65..ce5eeaac2c5 100644 --- a/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md +++ b/docs/identity/conditional-access/howto-conditional-access-session-lifetime.md 
@@ -74,7 +74,7 @@ To make sure that your policy works as expected, the recommended best practice i 1. Select **Done**. 1. Under **Cloud apps or actions** > **Include**, select **All resources (formerly 'All cloud apps')**. 1. Under **Conditions** > **User risk**, set **Configure** to **Yes**. - 1. Under **Configure user risk levels needed for policy to be enforced**, select **High**. [This guidance is based on Microsoft recommendations and might be different for each organization](../id-protection/howto-identity-protection-configure-risk-policies.md#choosing-acceptable-risk-levels) + 1. Under **Configure user risk levels needed for policy to be enforced**, select **High**. [This guidance is based on Microsoft recommendations and might be different for each organization](../../id-protection/howto-identity-protection-configure-risk-policies.md#choosing-acceptable-risk-levels) 1. Select **Done**. 1. Under **Access controls** > **Grant**, select **Grant access**. 1. Select **Require authentication strength**, then select the built-in **Multifactor authentication** authentication strength from the list.
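Review bot: In [PATCH 1/3], the commit message says "Adding as contributor", but the only change in the hunk for docs/architecture/secure-generative-ai.md is the `ms.date` bump from 11/08/2024 to 11/12/2024. No author, contributor or reviewer field changes in the visible lines. Either include the metadata line that adds the contributor, or reword the message so the history says this is a date refresh.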
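Review bot: In [PATCH 2/3], hunk `@@ -64,18 +64,26 @@`, the new step `Under **Cloud apps or actions** > **Include**` returns to the older blade name while the option it selects is still labelled **All resources (formerly 'All cloud apps')**, so one step mixes two naming generations. I'd keep the removed `**Target resources** > **Resources (formerly cloud apps)**` path. The Exclude step also drops its link to security-emergency-access.md, leaving "emergency access or break-glass accounts" unexplained at the point where the reader has to pick them; please keep the link. Two smaller points in the added lines: `1. Under **Session**.` is a fragment with no instruction (the removed line said **Session controls**), and the linked sentence on the **High** step has no closing period.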
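Review bot: In [PATCH 3/3], the corrected link on the **High** risk-level step still uses a hand-counted relative path (`../../id-protection/...`), which is the same depth counting the previous commit got wrong. The role link in step 1 of this procedure already uses the root-relative form `~/identity/role-based-access-control/permissions-reference.md`, so writing this one as `~/id-protection/howto-identity-protection-configure-risk-policies.md#choosing-acceptable-risk-levels` would match it and would survive the file being moved. The linked sentence also still ends without a period.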