Step 1 — Fix Identity: The Non-Negotiable Foundation of AI (1-Minute Read)
Part of the “Becoming AI-Ready” Series
Before data, governance, or use-cases — identity comes first.
If identity is weak, AI becomes unpredictable, unsafe, and impossible to control.
This is the number-one blocker I see in the field.
Here’s the quick version of what “fixing identity” actually means — with how-to resources to get started.
1. Enforce MFA Everywhere
Not just “recommended”, not just “for some users”.
Every. Single. User.
How-to:
See Microsoft Entra ID MFA – How it Works (Microsoft Learn)
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks
And configure it via the tutorial: Enable Entra MFA
https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa
2. Kill Legacy Authentication
If you still have basic auth or older protocols enabled — you’re inviting risk.
Modern authentication is the baseline.
How-to:
Plan your MFA and legacy auth switch-off via the deployment guide:
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-getstarted
3. Build Clear Conditional Access Policies
This is your control layer: “If user X from location Y on device Z — then access resource A.”
Without this, identity becomes inconsistent.
How-to:
Explore Conditional Access overview and policy planning links:
Microsoft Entra Conditional Access overview
https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
And dive into conditions in CA policies: users/groups, devices, locations
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
4. Clean Up Users, Guests, and Groups
Old accounts. Stale permissions. External guests without reviews.
AI will see them — and you don’t want it to.
How-to:
There isn’t a single “cleanup” tutorial but use the CA user/group guidance above and audit your directory consistently.
5. Make Devices Compliant
If your devices are unmanaged or not governed, your control model is broken.
Identity + compliant devices = trust.
How-to:
Refer to identity management overview that covers device compliance as part of the story:
https://learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-overview
Why It Matters
AI builds on identity.
If identity is weak — AI becomes a liability.
If identity is strong — AI becomes a multiplier.
This is the foundation everything else sits on.
Next up:
Step 2 — Preparing Your Data for AI: Clean, Classify, Consolidate.
— Jean-Paul Abi Atme