Azure – Preparing exam SC – 300 – Identity and Access Administrator – security defaults – Part 5


Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂 

As I am preparing for the exam SC – 300, I keep sharing the study material 🙂

If you have not yet had a chance to go through the last three related articles, please have a look. I am trying to keep this as simple as possible 🙂

In the last article we discussed Security Defaults a bit. There is a “Manage Security defaults” link on the Azure AD properties blade/page:

fig : Azure Active Directory admin center : Tenant-wide settings – “Manage Security defaults” link

If we click the “Manage Security defaults” link, a right pane pops up with the details about “Security defaults”:

fig : Azure Active Directory admin center : Tenant-wide settings – “Manage Security defaults” link – Enable / Disable Security defaults

What are Security Defaults:

  • Security defaults is a set of basic identity security mechanisms recommended by Microsoft
  • Microsoft introduced Security Defaults in new M365 tenants in October 2019
  • When enabled, these recommendations will be automatically enforced in our organization.
  • Administrators and users will be better protected from common identity-related attacks.
  • Security defaults help protect our organization from attacks like password spray, replay, and phishing with a few preconfigured settings:
    • Requiring all users to register for Azure AD Multi-Factor Authentication.
      • All users in the tenant must register for MFA
      • Users have 14 days to register for Azure AD Multi-Factor Authentication by using the Microsoft Authenticator app
      • This 14-day period begins after the first successful sign-in after enabling Security Defaults
      • Once the 14 days have passed, the user won't be able to sign in until registration is complete
    • Requiring administrators to perform multi-factor authentication
      • The following Azure AD roles will be required to perform MFA each time they log in
        • Global administrator
        • SharePoint administrator
        • Exchange administrator
        • Conditional Access administrator
        • Security administrator
        • Helpdesk administrator
        • Billing administrator
        • User administrator
        • Authentication administrator
    • Blocking legacy authentication protocols – I’ll write a separate article on legacy authentication protocols
    • Requiring users to perform multi-factor authentication when necessary.
    • Protecting privileged activities like access to the Azure portal.
  • Security defaults are offered free to all Office 365 subscriptions.
  • Once Security Defaults are enabled at the tenant level, they apply to all the users in the tenant. There is no way to exclude or include some users.
  • If we enable a Conditional Access policy, we won't be able to use Security Defaults
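
The registration and administrator rules above can be turned into a small lockout audit. This is an added example, not code from the original article or from Microsoft; the record shape (`upn`, `roles`, `isMfaRegistered`, `firstSignInAfterEnable`) and the sample users are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=14)  # registration window stated in the list above
# Roles the article lists as required to perform MFA at every login.
ADMIN_ROLES = {
    "Global administrator", "SharePoint administrator", "Exchange administrator",
    "Conditional Access administrator", "Security administrator",
    "Helpdesk administrator", "Billing administrator", "User administrator",
    "Authentication administrator",
}

def classify(user, defaults_enabled, now):
    """Return how security defaults affects one (hypothetical) user record."""
    if not defaults_enabled:
        return "not-enforced"
    if user["isMfaRegistered"]:
        is_admin = bool(ADMIN_ROLES & set(user["roles"]))
        return "mfa-every-sign-in" if is_admin else "mfa-when-necessary"
    first = user["firstSignInAfterEnable"]
    if first is None:
        return "grace-not-started"  # clock starts at the first successful sign-in
    deadline = first + GRACE
    if now >= deadline:
        return "blocked-until-registered"
    return f"grace-{(deadline - now).days}-days-left"

def audit(users, defaults_enabled, now):
    """Map each user principal name to its classification."""
    return {u["upn"]: classify(u, defaults_enabled, now) for u in users}

# Constructed sample data, not taken from a real tenant.
NOW = datetime(2024, 3, 20, 12, 0, tzinfo=timezone.utc)
USERS = [
    {"upn": "admin@contoso.example", "roles": ["Global administrator"],
     "isMfaRegistered": True, "firstSignInAfterEnable": NOW - timedelta(days=30)},
    {"upn": "alice@contoso.example", "roles": [],
     "isMfaRegistered": True, "firstSignInAfterEnable": NOW - timedelta(days=30)},
    {"upn": "bob@contoso.example", "roles": [],
     "isMfaRegistered": False, "firstSignInAfterEnable": NOW - timedelta(days=4)},
    {"upn": "carol@contoso.example", "roles": ["Helpdesk administrator"],
     "isMfaRegistered": False, "firstSignInAfterEnable": NOW - timedelta(days=14)},
    {"upn": "dave@contoso.example", "roles": [],
     "isMfaRegistered": False, "firstSignInAfterEnable": None},
]

if __name__ == "__main__":
    for upn, state in audit(USERS, True, NOW).items():
        print(f"{upn:26} {state}")
```

Users reported as `blocked-until-registered` or with only a few grace days left are the ones to contact before they generate helpdesk tickets.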

When should we use Security Defaults:

  • When we want these preconfigured security settings in place. It is a simple one-click switch, either on or off
  • When we need MFA for all the users in our tenant without any exception or special case

I’ll stop here for this article 🙂

Thanks for reading 🙂 If it's worth at least reading once, kindly like and share 🙂 SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certified. Motivational, Behavioral, Technical speaker. Speaks at various events including SharePoint Saturdays, Boot camps, Colleges / Schools, local chapter. You can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.