Ensure that the Security Defaults feature is enabled for Microsoft Entra ID in order to help protect your organization from common attacks. Security Defaults is a set of basic identity security mechanisms recommended by Microsoft and provided at no extra cost in Microsoft Entra ID. The recommended security settings are enforced within your organization to help users and administrators protect themselves against common identity-related attacks. When enabled, the Security Defaults feature will:
- Require all users and admins to register for Multi-Factor Authentication (MFA).
- Challenge users with MFA (usually when they use a new device or application, and more often for critical roles and tasks).
- Disable authentication from legacy authentication clients, which can't use Multi-Factor Authentication (MFA).
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Managing access security within your organization can be challenging, as common identity-related attacks such as phishing, password spraying, and replay/playback attacks are becoming more widespread. Security Defaults make it easier to protect your organization from identity-based attacks by providing preconfigured security settings (recommendations).
Audit
To determine if the Security Defaults feature is enabled for Microsoft Entra ID, perform the following actions:
Note: Getting the configuration status of the Microsoft Entra ID Security Defaults feature using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To enable the Security Defaults feature for your Microsoft Entra ID, perform the following actions:
Note: Enabling Security Defaults for Microsoft Entra ID using Microsoft Graph API or Azure CLI is not currently supported.
References
- Azure Official Documentation
- Azure security baseline for Microsoft Entra ID
- Security defaults in Microsoft Entra ID
- Introducing security defaults