Will Security Defaults be "forced" on all tenants eventually?

David Adams 0 Reputation points
2023-09-21T22:42:11.43+00:00

I work for an MSP and recently we have been seeing clients that are having security defaults turned on at various intervals. We are not activating it. Is this some design by Microsoft as a foretelling that it will be forcing all tenant end users to use MFA?

Will MFA not be required if Conditional Access is configured and a third party MFA option is being utilized? We offer and use DUO because it allows us to offer to our clients the ability to have MFA on Cisco Meraki VPN connections, Office 365, Exchange Online, SharePoint Online, Windows RDP Gateway and many other items and the client does not need to have multiple apps for MFA management. I have not seen the security defaults turned on for clients I have configured conditional access policies with custom controls for Duo. So I'm also wondering if Microsoft recognizes that and doesn't switch the Security Defaults on.

Thanks for your time and input.


1 answer

  1. Vasil Michev 104K Reputation points MVP
    2023-09-22T07:18:19.03+00:00

    Security defaults are intended for smaller tenants, such that do not have the necessary licensing to leverage CA policies. They're just an attempt to improve the security posture of such customers, and also as an alternative for the free per-user MFA controls. The feature is not intended for larger customers, or those that have specific needs WRT authentication.

    In fact, if there is at least one CA policy enabled within the tenant, you cannot toggle Security defaults:

    Your organization is currently using Conditional Access policies which prevents you from enabling security defaults. You can use Conditional Access to configure custom policies that enable the same behavior provided by security defaults.

    0 comments No comments
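
For an MSP that wants to check this per tenant, the sketch below is an added example (not part of the question or the answer, and not Microsoft's code). It classifies a tenant from the two Microsoft Graph responses that hold this state: the security defaults policy and the Conditional Access policy list. The function names, tenant labels and sample data are constructed, and treating only `state == "enabled"` as enabled is an assumption, since the thread does not say how report-only policies are handled.

```python
# Constructed sample input shaped like Microsoft Graph v1.0 responses from
#   GET /policies/identitySecurityDefaultsEnforcementPolicy
#   GET /identity/conditionalAccess/policies   (the "value" array)
# Tenant labels, policy names and the custom control id are made up.
SAMPLE = {
    "ca-with-custom-control": {
        "defaults": {"isEnabled": False},
        "policies": [{
            "displayName": "Require third-party MFA", "state": "enabled",
            "grantControls": {"builtInControls": [],
                              "customAuthenticationFactors": ["example-control-id"]}}]},
    "defaults-only": {"defaults": {"isEnabled": True}, "policies": []},
    "report-only-ca": {
        "defaults": {"isEnabled": False},
        "policies": [{
            "displayName": "MFA pilot", "state": "enabledForReportingButNotEnforced",
            "grantControls": {"builtInControls": ["mfa"]}}]},
}


def requires_mfa(policy):
    """True if the policy grants access via built-in MFA or a custom control."""
    grant = policy.get("grantControls") or {}
    return ("mfa" in (grant.get("builtInControls") or [])
            or bool(grant.get("customAuthenticationFactors")))


def assess_tenant(defaults, policies):
    """Return the tenant's MFA baseline and whether the defaults toggle is blocked."""
    # Assumption: report-only and disabled policies do not count as enabled.
    enforced = [p for p in policies if p.get("state") == "enabled"]
    if defaults.get("isEnabled"):
        baseline = "security-defaults"
    elif any(requires_mfa(p) for p in enforced):
        baseline = "conditional-access-mfa"
    elif enforced:
        baseline = "conditional-access-no-mfa"
    else:
        baseline = "none"  # nothing is enforcing MFA tenant-wide
    return {
        "baseline": baseline,
        # Per the answer above: an enabled CA policy prevents toggling defaults.
        "defaults_toggle_blocked": bool(enforced),
        "mfa_policies": [p["displayName"] for p in enforced if requires_mfa(p)],
    }


if __name__ == "__main__":
    for name, tenant in SAMPLE.items():
        print(name, assess_tenant(tenant["defaults"], tenant["policies"]))
```

Tenants that come back as `none` or `conditional-access-no-mfa` are the ones to review first, because no enforced policy there asks for a second factor.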
