Enabling Security Defaults (MFA)
Security Defaults are a set of rules and identity security mechanisms preconfigured by Microsoft, but the rules are left disabled by default. Enabling these defaults will impact your entire tenant. Admins and users will be required to start using MFA (adding an additional layer of security upon sign-in), better protecting your tenant and the data within from exposure through phishing and other identity-related attacks.
The See also section of this recipe includes a link to user training as well as additional resources you should read before enabling the Security Defaults, to ensure you are clear on the impact to your organization.
Only an admin with the Global Admin role can make these changes to the tenant security settings. These steps are based on the "new" admin center (released for preview in 2018-2019).
This process assumes you are working from a recently created tenant (2017 or newer). If you are using an older tenant and have set up baseline policies, you will need to disable those policies and move to the new Security Defaults. Additionally, you may need to activate modern authentication in your tenant (the See also section of this recipe has instructions on how to verify this). This is not required for recently created tenants (2017 or newer).
How to do it…
- Sign in to the Microsoft 365 Admin Center at http://admin.microsoft.com.
- Go to the Azure AD Properties page at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties.
- Select Manage Security defaults at the bottom of the page.
- The Enable Security defaults panel will load.
- Toggle the Enable Security defaults selector to Yes.
- Click Save.
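The same change can be scripted and checked before it is made. The following is an added example, not part of the original recipe: it uses the Microsoft Graph PowerShell SDK to read the Security Defaults policy, stop if any Conditional Access policy is still enabled, and only then switch the defaults on. The function name Enable-TenantSecurityDefaults is hypothetical, and the script assumes the Microsoft.Graph modules are installed and that you sign in as a Global Admin.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

# Added example: hypothetical helper that mirrors the portal toggle above.
function Enable-TenantSecurityDefaults {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    # Read the tenant-wide policy object behind the "Enable Security defaults" toggle.
    $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    if ($policy.IsEnabled) {
        Write-Verbose 'Security Defaults are already enabled; nothing to change.'
        return $policy
    }

    # The directory refuses to enable Security Defaults while Conditional Access
    # policies are enabled, so list any that would block the change and stop.
    $active = @(Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object State -eq 'enabled')
    if ($active.Count -gt 0) {
        $names = $active.DisplayName -join ', '
        throw "Disable these Conditional Access policies first: $names"
    }

    # -WhatIf / -Confirm are honoured here because the change affects every user.
    if ($PSCmdlet.ShouldProcess('tenant', 'Enable Security Defaults (MFA for all users)')) {
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter @{ isEnabled = $true }
    }

    # Re-read the policy so the caller sees the state the service actually holds.
    Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
}

# Delegated scopes: read policies, and write the Security Defaults policy.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Dry run first; remove -WhatIf to apply the change.
Enable-TenantSecurityDefaults -WhatIf | Select-Object DisplayName, IsEnabled
```

Run it with -WhatIf first and confirm the reported IsEnabled value matches what the portal shows before applying the change.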
How it works…
You've just enabled MFA, among other security enhancements, by toggling on Enable Security defaults. Security defaults are rules, or conditional access policies, which are set by default to help control how users and admins interact with Office 365.
See also
- User training on how to download and use Microsoft Authenticator with Office 365: https://support.office.com/en-us/article/use-microsoft-authenticator-with-office-365-1412611f-ad8d-43ab-807c-7965e5155411?ui=en-US&rs=en-US&ad=US#ID0EAADAAA=_Step_1
- Verify if your tenant is set up with modern authentication (typically applies to tenants older than 2017): https://docs.microsoft.com/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online
- Understanding the new Security Defaults and the impact to your users and tenant: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults