How do I make sure MFA is not turned on with security defaults?

Stan 0 Reputation points
2023-05-08T13:34:00.9933333+00:00

I received this message below. I've gone into my settings but do not show the options as outlined in the help section. The pic at the bottom however is the option I have, will it keep this from automatically happening?

|The
security defaults setting for your International Wholesale Tile tenant will
be turned on by May 18, 2023
You’re
receiving this email because you’re a global administrator for International
Wholesale Tile.
To help protect your organization, we’re
always working to improve the security of Microsoft cloud services. As part
of this, we’re enabling the security defaults setting in your tenant
that includes multifactor authentication,
which can block more than 99.9 percent of identity attacks that attempt to compromise
your accounts.
When
you log in to your account between May 4, 2023, and May 18, 2023, you’ll see
a message prompting you to proactively enable
security defaults. If you haven’t logged in or enabled this
setting when that timeframe ends, we’ll enable it for you automatically.|| | -------- | -------- | |User's image

|

User's image

Office
Office
A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.
1,281 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,323 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dillon Silzer 54,281 Reputation points
    2023-05-08T15:07:19.7466667+00:00

    Hi Stan,

    When you enable security defaults you enable MFA to be registered for all of your users in your tenant.

    Security defaults were designed to help protect your company's user accounts from the start. When turned on, security defaults provide secure default settings that help keep your company safe by:

    • Requiring all users and admins to register for MFA using the Microsoft Authenticator app or any third-party application using OATH TOTP.
    • Challenging users with MFA, mostly when they show up on a new device or app, but more often for critical roles and tasks.
    • Disabling authentication from legacy authentication clients that can't do MFA.
    • Protecting admins by requiring extra authentication every time they sign in.

    MFA is an important first step in securing your company, and security defaults make enabling MFA easy to implement. If your subscription was created on or after October 22, 2019, security defaults might have been automatically enabled for you—you should check your settings to confirm.

    Cited from https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=secdefaults

    If you are looking to control who has MFA enabled, then you may want to look at the other option, which is Conditional Access Policies.

    If this is helpful please accept answer.

    0 comments