What are Microsoft Security defaults in Azure AD?
Security defaults are Microsoft settings that help protect your organization from identity-related attacks such as phishing, hacking, and unauthorized access to your account. By default, these settings protect your account from potential threats by using Multi Factor Authentication (MFA) and provide a basic level of security for all users.
What should I know about these settings?
These Security settings prevent applications from using legacy authentication that do not support modern Office 365 authentication. For instance, in order to login to your email account with the security default enabled, you must use an email client that supports modern authentication.
Enabling the Security defaults also changes how you (admin) or your users will login to Office 365 and its services as outlined in the following points.
- Prevents less secure apps from logging into your account and also prevents legacy authentication from outdated email clients. It also restricts login access if you want to login via IMAP, POP3, SMTP, or Remote PowerShell.
- Enables Multi Factor Authentication (MFA) for all users, prompting them to configure MFA during sign-in.
- Enforces MFA for privileged accounts in the Azure Active Directory to access Azure CLI, Azure Portal and so on.
Furthermore, if you intend to use Conditional Access policies (where you can customize the security settings), you must first disable the security defaults before configuring the Conditional Access policies.