Hello @Marcel Zimmer
Yes, you can deactivate the activation of the tenant security defaults in Azure Active Directory. According to the documentation, you can manage the authentication methods policy in Azure Active Directory.
Note: Microsoft is making security defaults available to everyone because managing security can be difficult. Identity-related attacks like password spray, replay, and phishing are common in today's environment.
The goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.
Security defaults make it easier to help protect your organization from these identity-related attacks with preconfigured security settings:
- Requiring all users to register for Azure AD Multi-Factor Authentication.
- Requiring administrators to do multifactor authentication.
- Requiring users to do multifactor authentication when necessary.
- Blocking legacy authentication protocols.
- Protecting privileged activities like access to the Azure portal.
You can find more information about managing authentication methods in Azure Active Directory in the following link: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/authentication/concept-authentication-methods-manage.md
You can also enable per-user Azure AD Multi-Factor Authentication by changing the user state. You can find more information about enabling per-user Azure AD Multi-Factor Authentication in the following link: https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow
You can also configure settings for Azure MFA Server in the Azure portal. You can find more information about configuring Azure MFA Server in the following link: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
I hope this information helps you.
If this does answer your question, please feel free to mark it as the answer as a token of appreciation.