Restrict Admin Access to Privileged Access Workstations

Expected State

When this control is compliant, your tenant should meet these criteria:

• 1Administrative portal access is restricted to designated PAW devices
• 2PAW devices have enhanced security controls (Credential Guard, AppLocker)
• 3Break-glass procedures exist for PAW unavailability

Enforcement