Restricting None Privilege User Access to Admin Portal in O365 Environment

In general, you should prefer to restrict none privilege account access to your administrative portal URL’s. When your day to day user figures out one of the administration URL’s and wants to access them, out the box configuration will allow them to do so.

Let’s start listing known portal administrator URL’s first then take a look how authenticated none privilege user would have access to such resources and why this would be not the best scenario for your business. First download this awesome script “ACCESS-O365-ADMIN-URLs-V1.ps1” from Tech-net scripting library to help your administrators to access some of these URL’s more efficiently.

Some of the most used O365 Admin portal URL List

Portal Name	Portal URL
Admin Portal	https://admin.microsoft.com/AdminPortal/Home#
Azure Active Directory Admin Center	http://aad.portal.azure.com
Azure Directory	https://manage.windowsazure.com/
One Drive Admin Portal	https://admin.onedrive.com/
Teams Admin Portal	https://admin.teams.microsoft.com
Lync Admin Portal (legacy)	https://admin0a.online.lync.com/LSCP
SharePoint Admin Portal	https://tenant-admin.sharepoint.com
TSA ECP Access	https://outlook.office.com/ecp
Quarantine Management	https://protection.office.com/?hash=/quarantine
Message Trace	https://protection.office.com/messagetrace

Preventing users to browse on the directory services

• Log in to Azure portal with global administrator rights
• Use following URL | https://portal.azure.com/#home |
• On the left pane, click | Azure Active Directory |
• Select | Users| then | User Settings | under  Administration Portal|
• Restrict Access to Azure AD Administration Portal
• Select | YES | and click save

Casey, Dedeal

Azure Solutions Architect

AWS Certified Cloud Practitioner

https://simplepowershell.blogspot.com

https://cloudsec365.blogspot.com

https://msazure365.blogspot.com

https://twitter.com/Message_Talk