Moving away from Security defaults

AnnaG 166 Reputation points
2024-02-16T20:19:34.3366667+00:00

Hi all. We want to move away from security defaults to something like per-user MFA or CA policies. Ideally the latter, but CA and security defaults can't be used at the same time, so a better route might be to move from one to the other, as we don't want MFA disabled for too long, if at all. We've got the license to use CA. We want to ensure none of our users needs to be asked again for MFA registration so the transition is as non-impacting as possible. I feel as long as we have the correct auth methods in place for each account (authentication being key as security defaults uses this), we should be fine when moving to the other options? Might be better to progress to CA at a later stage as well, as I realize it is CA or Security defaults only and not both at the same time. Any advice would be appreciated from those that have moved already. Thanks in advance.


2 answers

  1. Marcin Policht 50,260 Reputation points MVP Volunteer Moderator
    2024-02-17T00:56:15.4666667+00:00

    AFAIK, the users' MFA registration information would remain valid - eliminating the need for users to re-register.

    hth
    Marcin


  2. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-02-20T12:02:12.99+00:00

    Hi @AnnaG

    Thank you for posting your query on Q&A.

    I understand that you are switching from Security Defaults to Conditional Access (CA) policies or per-user MFA in Entra ID.

    When you enable Security Defaults in Azure, all users are required to register for Multi-Factor Authentication (MFA).

    If you switch to Conditional Access policies, the MFA registrations done under Security Defaults will still be valid and users will not be asked to register for MFA again if they have already done so under Security Defaults.

    If a user has not registered for MFA under the previous Security Defaults, and they hit a condition in your Conditional Access policy that requires MFA, they will be prompted to register at that time.

    I hope this information helps! Please feel free to ask any questions you may have.

    Thanks,

    Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
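
An added example, not part of the thread or any poster's own code: a read-only check to run before the cutover that lists the accounts the answer above says would be prompted to register, plus accounts whose registered method is not allowed by the tenant's authentication methods policy. It assumes the Microsoft Graph PowerShell SDK is installed and the registration report is available in the tenant; the output file name is a placeholder.

```powershell
# Added example, not from the thread. Requires the Microsoft Graph PowerShell SDK
# (Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Reports modules).
Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All'

# 1. Record whether security defaults are currently enforced.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults enabled: $($defaults.IsEnabled)"

# 2. Pull the authentication-method registration report for every account.
$details = @(Get-MgReportAuthenticationMethodUserRegistrationDetail -All)

# 3. Accounts with no MFA method registered: these would see a registration
#    prompt the first time a Conditional Access policy requires MFA.
$unregistered = @($details | Where-Object { -not $_.IsMfaRegistered })

# 4. Accounts that registered a method the authentication methods policy
#    does not allow, so they cannot currently satisfy an MFA requirement.
$notCapable = @($details | Where-Object { $_.IsMfaRegistered -and -not $_.IsMfaCapable })

# 5. Privileged accounts in either group deserve attention first.
$adminsAtRisk = @(($unregistered + $notCapable) | Where-Object { $_.IsAdmin })

Write-Host "Accounts in report:          $($details.Count)"
Write-Host "No MFA method registered:    $($unregistered.Count)"
Write-Host "Registered but not capable:  $($notCapable.Count)"
Write-Host "Admins in either group:      $($adminsAtRisk.Count)"

# 6. Export the follow-up list (placeholder path) for the help desk.
($unregistered + $notCapable) |
    Sort-Object UserPrincipalName |
    Select-Object UserPrincipalName, UserType, IsAdmin, IsMfaRegistered, IsMfaCapable,
        @{ Name = 'MethodsRegistered'; Expression = { $_.MethodsRegistered -join ';' } } |
    Export-Csv -Path '.\mfa-followup.csv' -NoTypeInformation

Disconnect-MgGraph | Out-Null
```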

