enabling the security defaults setting in your tenant that includes multifactor authentication

Thank you for the reply James. Another un-authorised and unrequested modification to functionality of my service, done by Microsoft. I have been assured by Microsoft support that this new and forced security is only being pushed to admin accounts. Can you confirm that is the case?

Thank you, Jim.

@Jim Lawson

Thank you for following up on this!

Would you be able to share the support request number and I will gladly look into your support ticket to confirm that this is only going to be pushed to admin accounts.

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Thank you James. Microsoft support engaged directly with me several times over this issue. Mainly, they were having trouble disabling email OTP. They never actually provided any evidence on my original request, other than assuring me that this security 2FA would only be pushed to O365 admin accounts.

Service Request #: <<Removed SR Number>>

Service Request Title: Security default settings - 2FA settings

Closed Date: 5/12/2023 5:57:31 PM UTC

I look after hundreds of Microsoft O365 email accounts across 40 different medical businesses, and it is a large task for my engineers to modify anything, especially when Microsoft push setup/service changes that we don't want and we have not requested. The whole process lacks in clarity and warning, and is not professional in my opinion.

@Jim Lawson

Thank you for the quick follow up on this!

I reviewed your support request and the engineer's email regarding Admins was referencing the Security Defaults Email being sent to all the Global Admins.

However, when it comes to the automatic enablement of the Security Defaults feature, and if the email you received is the same/similar to the one in my initial answer - the Security Defaults enforced policy will apply to all users within your Azure AD tenant.

For more info - Security Defaults enforced security policies.

All users in your tenant must register for multifactor authentication (MFA) in the form of the Azure AD Multifactor Authentication. Users have 14 days to register for Azure AD Multifactor Authentication by using the Microsoft Authenticator app or any app supporting OATH TOTP. After the 14 days have passed, the user can't sign in until registration is completed. A user's 14-day period begins after their first successful interactive sign-in after enabling security defaults.

Note: After registration with Azure AD Multifactor Authentication is finished, select Azure AD administrator roles will be required to do MFA every time they sign in.

Note: After Security Defaults is enabled, you can disable Security Defaults within your Azure AD tenant to avoid any login issues for your users.

Additional Link:

• Microsoft 365 Turn Security defaults on or off

I hope this helps to clarify things! Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Thank you James.

I'm surprised if this is the only Microsoft knowledgebase thread regarding this issue.

I am not surprised at conflicting and opposing advice from Microsoft.

I tend to believe you, but I need some evidence or better explanation than the one you have provided. Can you do that?