Enable Azure Security Defaults

Question

I receive the following error when trying to enable Azure Security Defaults:

"It looks like you have Identity Protection policies enabled. Enabling Identity Protection policies prevents you from enabling Security defaults."

I have disabled MFA for all users

I did use a P1 licence trial but have removed this from the Tenancy.

I'm trying to block Legacy Authentication whilst using Azure AD Basic.

Any help would me most appreciated. Cheers, Rob.

Answer 1

Hello @Rob Brien , thank you for reaching out. You won't be able to enable Azure Security Defaults alongside Azure Identity Protection. Unfortunately, it's not documented and I am working on that to get that documented soon in or public docs.

You can disable policies configured under Azure Identity Protection if you want to implement Azure Security Defaults. Or if your idea is just to disable Legacy Auth, you can also go ahead and configure Conditional Access Policy to achieve the same. You can find more details on disabling Legacy Auth using CA Policy here: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

Note: Make sure you have an Azure AD Premium License with you in order to configure/use the CA policies.

Summary, to disable legacy auth, you can either use Azure Security defaults or Conditional Access Policies, but both cannot be configured together. Secondly, with Azure Identity Protection Enabled, you cannot enable Azure Security Defaults.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.