Turning on Security Defaults is an easy way to protect your organisation, as it is included in the free tier of Azure Active Directory. This means no matter what license your have for Azure or Microsoft 365 , you will be able to enable Security Defaults in your tenant.
Enabling security defaults does the following:
- It requires all users and admins in your tenant to register for MFA using the Microsoft Authenticator app. (this is more secure than using a 3rd party app or the call/text method).
- It disables legacy protocols (basic authentication) for all applications that do not support modern authentication.
- It requires admins or users with privileged roles to provide more than one type of authentication.
- It challenges users more often with the MFA challenge when they sign into a new device or application.
By any means, you should ensure you are prepared to make the change on enabling security defaults. Check out my post on How to Prepare To Enable Security Defaults In Microsoft 365
Turn on Security Defaults in Azure Active Directory
- Start by logging into the Azure Active Directory admin center (https://aad.portal.azure.com/). If this is your first time logging in here, you can use the same global admin credentials that you use for the Microsoft 365 Admin Center.
- Select Azure Active Directory
- Select Properties from the menu under Manage
- Select Manage security defaults at the very bottom of the properties page
- Move the slider to Yes and click Save
You have now enabled security defaults for your organisation! It is important that you do consider what this means for you and your end users! You should take a look at our Enabling MFA and Security Defaults deployment guide (Coming Soon).