Azure Security Defaults

Question

Azure Security Defaults

AdamPollardPowell-0167 30

What exactly happens if we turn off security defaults?

We want to strengthen our security by adding to the protection given by the defaults but in order to add conditional access policies, we have to disable defaults first.

Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2023-02-09T22:53:42.0666667+00:00

Hi @Anonymous ,

We noticed your feedback that the answer on this thread was not helpful.

Thank you for taking time to share your feedback. Kindly let us know what we could have done better to improve the answer and make your experience better.

Since @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA was able to clarify the response in the latest post and update the solution, I request that you would kindly re-take the survey for your experience on this thread.

However, if your question remains unresolved, please let us know how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback.

Looking forward to your reply. Much appreciate your feedback!
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-02-23T23:59:54.5566667+00:00

Hi @Anonymous ,

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

Accepted answer

1 additional answer

Your answer

Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2023-02-09T22:53:42.0666667+00:00

Hi @Anonymous ,

We noticed your feedback that the answer on this thread was not helpful.

Thank you for taking time to share your feedback. Kindly let us know what we could have done better to improve the answer and make your experience better.

Since @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA was able to clarify the response in the latest post and update the solution, I request that you would kindly re-take the survey for your experience on this thread.

However, if your question remains unresolved, please let us know how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback.

Looking forward to your reply. Much appreciate your feedback!
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-02-23T23:59:54.5566667+00:00

Hi @Anonymous ,

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

Answer 1

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Moderator

Hello, turning off Azure AD Security Defaults will:

No longer require all users to register for Azure AD Multi-Factor Authentication
No longer require administrators to pass multifactor authentication
No longer require users to pass MFA whenever Azure AD deems necessary
Unblock legacy authentication protocols
No longer require MFA for these services:
1. Azure portal
2. Azure PowerShell
3. Azure CLI

For more information regarding the aforementioned, including the rationale behind their enforcement, take a look to Enforced security policies.

Once Security Defaults is disabled, it's recommended to consider Conditional Access to improve the security of your tenant.

Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

AdamPollardPowell-0167 30 Reputation points

2023-02-27T13:20:45.6966667+00:00

Thanks for the answer. I'm concerned about the gap between disabling security defaults and putting CA policies into place. If I set up the CAs first (it looks like templates already exist for this) , then disable the security defaults, will this work and avoid any period of vulnerability? Is this best practice and is there a guide for this transition?

Answer 2

Hi,

Usually with Security defaults it make it easier to help protect your organization from these identity-related attacks with preconfigured security settings so that you dont have to setup manually.

Microsoft enabled by default after Oct 2019 - If your tenant was created on or after October 22, 2019, security defaults may be enabled in your tenant. To protect all of our users, security defaults are being rolled out to all new tenants at creation.

However you can disable and continue with your own security settings if that is required.

Start from here and it should help you - https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

Hope this helps.

JS

==

Please Accept the answer if the information helped you. This will help us and others in the community as well.

AdamPollardPowell-0167 30 Reputation points

2023-02-09T11:08:37.0033333+00:00

That is not an answer to my question.

Share via

Azure Security Defaults

1 additional answer

Your answer