mail notification // microsoft going to force azure security defaults MFA

Marcel Zimmer 0 Reputation points
2023-02-21T07:45:00.4833333+00:00

Hello,

we received several mails from Microsoft Azure azure-noreply@microsoft.com with the information to enable the tenant security defaults and if this wont be done microsoft will activate them automatically with a delay of 14 days.
Start will be the week February 21, 2023.

Is there an option to deactivate the activation in the background cause we got several customers which need other mfa authentication methods then Microsoft Authenticator.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator
{count} votes

3 answers

Sort by: Most helpful
  1. Tech-Hyd-1989 5,816 Reputation points
    2023-02-21T08:14:55.9233333+00:00

    Hello @Marcel Zimmer

    Yes, you can deactivate the activation of the tenant security defaults in Azure Active Directory. According to the documentation, you can manage the authentication methods policy in Azure Active Directory.

    Link : https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

    Screenshot of the Azure portal with the toggle to enable security defaults

    Note: Microsoft is making security defaults available to everyone because managing security can be difficult. Identity-related attacks like password spray, replay, and phishing are common in today's environment.
    The goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.

    Security defaults make it easier to help protect your organization from these identity-related attacks with preconfigured security settings:

    You can find more information about managing authentication methods in Azure Active Directory in the following link: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/authentication/concept-authentication-methods-manage.md

    You can also enable per-user Azure AD Multi-Factor Authentication by changing the user state. You can find more information about enabling per-user Azure AD Multi-Factor Authentication in the following link: https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow

    You can also configure settings for Azure MFA Server in the Azure portal. You can find more information about configuring Azure MFA Server in the following link: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy

    I hope this information helps you.

    If this does answer your question, please feel free to mark it as the answer as a token of appreciation.

    1 person found this answer helpful.

  2. Stan 0 Reputation points
    2023-05-05T15:53:19.65+00:00

    Having same issue but not seeing the options you show in your azure. will the option i selected below deactivate this?

    User's image


  3. Jon Webster 0 Reputation points
    2023-06-14T18:53:04.2566667+00:00

    Hi Adity, I do not believe there is a way to disable the automatic enabling of security defaults. You have to wait for microsoft to turn it on, then turn it back off again. The alternative is to buy 1 license of Azure AD Premium P1 or P2 and then create a conditional access policy. Security defaults cannot be turned on if a conditional access policy exists. This approach entails a small cost.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.