Introduction
Security defaults make it easier to help protect your organization from attacks with preconfigured security settings:
- Requiring all users to register for Azure AD Multi-Factor Authentication.
- Requiring administrators to do multi-factor authentication.
- Blocking legacy authentication protocols.
- Requiring users to do multi-factor authentication when necessary.
- Protecting privileged activities like access to the Azure portal.
Security defaults are a simple way to secure tenants that do not have licensing for Azure Active Directory P1 or higher.
With this setting, you can easily enable/disable security defaults across multiple tenants.
User Impact
High
When enabled, security defaults may require users to register for MFA and will block basic/legacy authentication across all services, which may have adverse effects for some tenants.
Parameters
Enabled – True/False
Admin Portal Reference
Security defaults are managed in the Azure Portal.
Azure Active Directory -> Properties -> Manage Security Defaults

PowerShell Reference
Not available
Additional Notes
More information on security defaults – click here
If Action is set to Notify
We report the setting as compliant if the setting matches the enabled value as set by the parameter.
We report the setting as non-compliant if the setting does not match the enabled value as set by the parameter.
If Action is set to Enforce
We report the setting as compliant if the setting matches the enabled value as set by the parameter.
We report the setting as compliant-fixed if the setting does not match the enabled value as set by the parameter and we adjust it to match.