How do I find out if automatic security defaults for MFA will apply to Azure AD only or will it also apply to the application it's linked to? In this case the application is AAFT

Govender, Dashnie 0 Reputation points
2023-02-09T11:29:09.7233333+00:00

Received an automated email from Microsoft (check email trail) to say that the below security defaults for MFA will be automatically added.

 

When you enable security defaults:

  • You as a Global Administrator will be asked to register for multifactor authentication using the Microsoft Authenticator app and your phone number.
  • Everyone else in your organization will be asked to register with the Microsoft Authenticator app for multifactor authentication.

 

I followed up with BDO and they said that these only apply for Azure AD and NOT for the AAFT tool. AAFT is hosted on Azure; will that not technically apply to AAFT then?


1 answer

  1. Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator
    2023-02-28T03:53:36.0766667+00:00

    @Govender, Dashnie

    Security defaults is basically a feature in Azure AD. This gives added security to your account while you are trying to access any services/resources in Azure Active Directory.

    Whatever comes under Azure Active Directory will be impacted by security defaults. Mainly, authentications that happen while a user logs in to the Azure portal, or when a user tries to access any resource in Azure with any Azure AD account, will be prompted for MFA.

    About the AAFT tool: if authentication is required to access the AAFT tool, then the account which goes for authentication to Azure AD will be impacted by security defaults.

    However, Microsoft is making security defaults available to everyone, because managing security can be difficult. Identity-related attacks like password spray, replay, and phishing are common in today's environment.

    The goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.

    You can refer to the article below to get more details on security defaults:

    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

    Below are the changes that will take effect once security defaults is enabled:

    • Requiring all users to register for Azure AD Multi-Factor Authentication.
    • Requiring administrators to do multifactor authentication.
    • Requiring users to do multifactor authentication when necessary.
    • Blocking legacy authentication protocols.
    • Protecting privileged activities like access to the Azure portal.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
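One way to check whether an application's logins actually go through Azure AD (and would therefore be subject to security defaults), as an added example that is not part of the original answer: summarize exported sign-in records per application. The records below are constructed, the display name "AAFT" is an assumption about how the app is registered, and the field names assume the Microsoft Graph signIn resource shape.

```python
import json
from collections import defaultdict

# Subset of clientAppUsed values that Azure AD classifies as legacy authentication.
LEGACY_CLIENTS = {
    "Authenticated SMTP", "Exchange ActiveSync", "IMAP4", "POP3",
    "MAPI over HTTP", "Exchange Web Services", "Other clients",
}

# Constructed sample records (not real log data); "AAFT" as appDisplayName is an assumption.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "AAFT",
  "clientAppUsed": "Browser", "authenticationRequirement": "multiFactorAuthentication"},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "AAFT",
  "clientAppUsed": "Browser", "authenticationRequirement": "singleFactorAuthentication"},
 {"userPrincipalName": "svc-mail@contoso.example", "appDisplayName": "Office 365 Exchange Online",
  "clientAppUsed": "IMAP4", "authenticationRequirement": "singleFactorAuthentication"},
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Azure Portal",
  "clientAppUsed": "Browser", "authenticationRequirement": "multiFactorAuthentication"}
]
""")

def summarize(signins):
    """Per application: sign-in count, single-factor users, legacy-protocol users."""
    report = defaultdict(lambda: {"total": 0, "single_factor": set(), "legacy": set()})
    for rec in signins:
        app = rec.get("appDisplayName") or "(unknown app)"
        user = rec.get("userPrincipalName", "(unknown user)")
        entry = report[app]
        entry["total"] += 1
        if rec.get("authenticationRequirement") == "singleFactorAuthentication":
            entry["single_factor"].add(user)   # would be asked for MFA registration
        if rec.get("clientAppUsed") in LEGACY_CLIENTS:
            entry["legacy"].add(user)          # protocol blocked by security defaults
    return dict(report)

def app_uses_azure_ad(signins, app_name):
    """True if the app shows up in the tenant sign-in records, i.e. it authenticated via Azure AD."""
    return any(r.get("appDisplayName") == app_name for r in signins)

if __name__ == "__main__":
    for app, e in sorted(summarize(SAMPLE_SIGNINS).items()):
        print(f"{app}: {e['total']} sign-ins, single-factor={sorted(e['single_factor'])}, "
              f"legacy={sorted(e['legacy'])}")
```

An application that never appears in the exported window may simply not have been used in that period, so widen the time range before concluding it does not authenticate against the tenant.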
