Best Practices Best practices Least Privilege & PIM für hochprivilegierte Rollen. Conditional Access: MFA erzwingen, Legacy Auth blockieren. Intune Compliance als CA‑Signal verwenden. Purview: Sensitivity Labels & DLP schrittweise (Audit → Block). Fabric/Power BI: Workspaces trennen (Prod/Dev/Test), Kapazitäten monitoren. Least privilege & PIM for highly privileged roles. Conditional Access: enforce MFA; block legacy auth. Use Intune compliance as a CA signal. Purview: introduce sensitivity labels & DLP in stages (audit → block). Fabric/Power BI: separate workspaces (prod/dev/test); monitor capacities.