fbpx

Security Defaults

Introduction

Security defaults make it easier to help protect your organization from attacks with preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to do multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to do multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Security defaults are a simple way to secure tenants which do not have licensing for Azure Active Directory P1 or higher.

With this setting, you can easily enable/disable security defaults across multiple tenants.

User Impact

High – When enabled, security defaults may require users to register for MFA and will block basic/legacy authentication across all services which may have adverse affects for some tenants.

Parameters

Enabled – True/False

Admin Portal Reference

Security defaults are managed in the Azure Portal.

Azure Active Directory -> Properties -> Manage Security Defaults

Azure portal and security defaults

PowerShell Reference

Not available

Additional Notes

More information on security defaults – click here

If Action is set to Notify

We report the setting as compliant if the setting matches the enabled value as set by the parameter.

We report the setting as non-compliant if the setting does not match the enabled value as set by the parameter.

If Action is set to Enforce

We report the setting as compliant if the setting matches the enabled value as set by the parameter.

We report the setting as compliant-fixed if the setting does not match the enabled value as set by the parameter and we adjust it to match.

Get Started!

The first three tenants are free! No credit card required.

Sign Up