Help! Security defaults & conditional access in Entra - messed some things up!

Jeremy Dean 0 Reputation points
2025-04-30T21:13:19.8533333+00:00

I'm a very novice admin for all Office 365 platforms for our very small company...so take that with a grain of salt. Here's what happened:

We were trying to install a new multipurpose printer/scanner/copier. The tech needed an email address within my org for the scans to come from, so I created one in my 365 Admin account. The tech said we needed to enable SMTP. I searched for an hour and couldn't find it. Everything I Googled and every screenshot I saw online did not look the same in my settings.

One support article I found said that in order to enable SMTP in Exchange, you need to disable Security Defaults in Entra, with step by step on how to do that. So I did that, and it defaulted to Conditional Access with 4 policies enabled.

After that, we still could not figure out the SMTP setting issue, so I resolved to just create a Gmail account for the scanner as we were out of time.

Now I have a few issues in my environment. We only have myself (the admin) and one employee. After disabling the Security Defaults, my employee is not receiving any external emails. Only internal. So that's a huge problem as it will impact our business. She also had a pop-up on her Teams asking her to sign in again, which never happens, and she tried to sign in and the MFA on the MS Authenticator app on her phone would not prompt the 2-digit code, so it's as if that wasn't working either.

So somewhere along the way with disabling the security defaults, her mail settings got messed up and her MFA is somehow messed up. I have tried everything I can to go BACK to just the normal Security Defaults, but I can't find a way to do that since Conditional Access is now turned on. Again, every screenshot I see online looks different than what I see in my environment.

So I am super frustrated now. I'd love to be able to figure out how to enable SMTP and use the actual email address that I created instead of paying $20 for the Gmail one, so that's the first step. But more importantly, I need help undoing whatever I did in Entra so my employee can get mail and log in to her apps. Any thoughts or insights would be helpful and appreciated!

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Surya Prakash Kotte 3,190 Reputation points Microsoft External Staff Moderator
    2025-05-02T09:50:09.5533333+00:00

    Hello

    It appears that one of your users is not receiving external emails after disabling Security Defaults and enabling Conditional Access policies.

    To resolve this, you plan to re-enable Security Defaults. Please note: all Conditional Access policies must be turned off before Security Defaults can be enabled.

    Steps to Enable or Disable Security Defaults:

    1. Sign in to the Azure Portal.
    2. Navigate to: Entra ID > Overview > Properties.
    3. Click Manage security defaults.
    4. Set Security defaults to Enabled or Disabled, as required.
    5. Click Save.

    Steps to Disable Conditional Access Policies:

    1. Sign in to the Microsoft Entra admin center.
    2. Go to: Protect & secure > Conditional Access > Policies.
    3. Select the policy you want to disable.
    4. Under Enable policy, choose Off.
    5. Save the changes.

    If the user still cannot receive external emails after Security Defaults are re-enabled, the issue may be related to Exchange. We recommend involving the Exchange team for further investigation.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

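The two portal procedures in the answer above, scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the thread or of the moderator's reply. It assumes the signed-in admin can consent to the listed policy scopes; `$BackupPath` is a hypothetical parameter, and treating report-only policies as "on" is an assumption based on the answer's statement that all policies must be turned off.

```powershell
# Added example, not from the thread. Needs the Microsoft Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and an admin who can consent to the scopes below.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter: where the pre-change snapshot is written
    [string]$BackupPath = ".\ca-policies-$(Get-Date -Format 'yyyyMMdd-HHmmss').json"
)

Connect-MgGraph -Scopes 'Policy.Read.All',
                        'Policy.ReadWrite.ConditionalAccess',
                        'Policy.ReadWrite.SecurityDefaults' | Out-Null

# 1. Record what exists before changing anything, so the policies can be
#    reviewed or switched back on later.
$policies = @(Get-MgIdentityConditionalAccessPolicy -All)
$policies | Select-Object Id, DisplayName, State | Format-Table -AutoSize | Out-Host
$policies | ConvertTo-Json -Depth 20 | Set-Content -Path $BackupPath -Encoding UTF8
Write-Host "Snapshot of $($policies.Count) policies saved to $BackupPath"

# 2. Turn off every policy that is not already off. State is one of
#    'enabled', 'disabled' or 'enabledForReportingButNotEnforced'; report-only
#    is treated as on here (assumption, see lead-in).
$active = @($policies | Where-Object { $_.State -ne 'disabled' })
foreach ($p in $active) {
    if ($PSCmdlet.ShouldProcess($p.DisplayName, 'Set Conditional Access policy to Off')) {
        Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $p.Id -State 'disabled'
    }
}

# 3. Re-read from the service instead of trusting the loop, and stop if
#    anything is still on.
$stillOn = @(Get-MgIdentityConditionalAccessPolicy -All |
             Where-Object { $_.State -ne 'disabled' })
if ($stillOn.Count -gt 0) {
    Write-Warning "Not enabling security defaults; still on: $($stillOn.DisplayName -join ', ')"
    return
}

# 4. Re-enable security defaults for the tenant.
if ($PSCmdlet.ShouldProcess('this tenant', 'Enable security defaults')) {
    Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true
}

# 5. Confirm the resulting setting.
$sd = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults enabled: $($sd.IsEnabled)"
```

Running the script with `-WhatIf` first lists the policies and writes the snapshot without changing anything; step 3 then warns and stops, because the policies are still on.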
