Microsoft has sent emails to Microsoft 365 technical contacts recommending that tenants not yet using Azure AD security defaults enable them to “adopt security best practices”. For some time now, all newly created Microsoft 365 tenants have had security defaults enabled by default. Older tenants may still have them disabled, because that was the previous default setting. However, because cybercrime and cyberattacks are rising, as the mail also states, it is more important than ever to secure your IT infrastructure (including all cloud services) with common technical measures. Users should also be aware of the risks and trained to adopt a “secure IT behavior”.
Starting October 17, 2022, Microsoft will inform Azure AD administrators with a message that they should enable security defaults in order to apply security best practices to Azure AD and Microsoft 365 and secure their Azure AD identities.
Enable security defaults
If security defaults are turned off, you can enable them manually, but users should be informed beforehand.
- Azure portal
- Azure Active Directory
- Manage security defaults
- Enable security defaults -> Yes
- That’s it!
Enabling it will primarily do the following:
- “Global Administrators will be asked to register for multifactor authentication using the Microsoft Authenticator app and your phone number.”
- “Everyone else in your organization will be asked to register with the Microsoft Authenticator app for multifactor authentication.”
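The same setting can be audited and switched on from PowerShell instead of the portal. The script below is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed, and the `-Enable` switch is a name made up for this script.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns
# Added example: audit and optionally enable Azure AD security defaults.
# -Enable is a hypothetical switch defined by this script, not a Microsoft parameter.
param([switch]$Enable)

# Request the write scope only when a change is actually intended.
$scopes = @('Policy.Read.All')
if ($Enable) { $scopes += 'Policy.ReadWrite.ConditionalAccess' }
Connect-MgGraph -Scopes $scopes | Out-Null

# Current state of the tenant-wide security defaults policy.
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults enabled: $($policy.IsEnabled)"
if ($policy.IsEnabled) { return }

# Security defaults and enabled Conditional Access policies are mutually
# exclusive, so list anything that would block the change first.
try {
    $caEnabled = @(Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop |
        Where-Object State -eq 'enabled')
} catch {
    Write-Warning "Could not read Conditional Access policies: $($_.Exception.Message)"
    $caEnabled = @()
}
if ($caEnabled.Count -gt 0) {
    Write-Warning 'Enabled Conditional Access policies found; security defaults cannot be turned on:'
    $caEnabled | Select-Object DisplayName, State | Format-Table -AutoSize
    return
}

if (-not $Enable) {
    Write-Host 'Audit only. Inform your users, then re-run with -Enable.'
    return
}

# Equivalent to "Enable security defaults -> Yes" in the portal.
Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true
$after = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults enabled: $($after.IsEnabled)"
```

Run it without arguments to report the current state; pass `-Enable` only after users have been informed.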
Conclusion, opinion and summary
You can find more details on security defaults in the documentation, including how to enable them, their impact, etc. Companies requiring more flexibility should consider using conditional access. Security defaults do not add extra costs, do not require extra licenses and provide a quick way to keep your Azure AD identities and Microsoft 365 more secure than without them, especially if you still do not use multi-factor authentication (MFA) for admin and user accounts. Relying on just a username and password is very dangerous, not to say careless, and it might just be a matter of time until an account is compromised and, as a consequence, the complete tenant and company are affected. In the worst case, this is not noticed soon enough, and data is exfiltrated, encrypted, held for ransom, sold, published and/or otherwise misused.