Azure Security Defaults

AdamPollardPowell-0167 30 Reputation points
2023-02-09T10:15:07.4566667+00:00

What exactly happens if we turn off security defaults?

We want to strengthen our security by adding to the protection given by the defaults but in order to add conditional access policies, we have to disable defaults first.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-02-09T16:44:54.2733333+00:00

    Hello, turning off Azure AD Security Defaults will:

    1. No longer require all users to register for Azure AD Multi-Factor Authentication
    2. No longer require administrators to pass multifactor authentication
    3. No longer require users to pass MFA whenever Azure AD deems necessary
    4. Unblock legacy authentication protocols
    5. No longer require MFA for these services:
      1. Azure portal
      2. Azure PowerShell
      3. Azure CLI

    For more information regarding the aforementioned, including the rationale behind their enforcement, take a look to Enforced security policies.

    Once Security Defaults is disabled, it's recommended to consider Conditional Access to improve the security of your tenant.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    3 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. JimmySalian-2011 42,511 Reputation points
    2023-02-09T10:23:38.5966667+00:00

    Hi,

    Usually with Security defaults it make it easier to help protect your organization from these identity-related attacks with preconfigured security settings so that you dont have to setup manually.

    Microsoft enabled by default after Oct 2019 - If your tenant was created on or after October 22, 2019, security defaults may be enabled in your tenant. To protect all of our users, security defaults are being rolled out to all new tenants at creation.

    However you can disable and continue with your own security settings if that is required.

    Start from here and it should help you - https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.