Azure – Preparing exam SC – 300 – Identity and Access Administrator – security defaults – Part 5

Azure Active Directory admin center : Tenant-wide settings - "Manage Security defaults" link - Enable / Disable Security defaults

Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂 

As I am preparing for the SC-300 exam, I keep sharing the study material 🙂

If you have not yet had a chance to go through the last three related articles, please have a look. I am trying to keep things as simple as possible 🙂

In the last article we discussed Security Defaults a bit. There is a “Manage Security defaults” link on the Azure AD properties blade/page:

fig : Azure Active Directory admin center : Tenant-wide settings – “Manage Security defaults” link

If we click the “Manage Security defaults” link, a pane pops up on the right with the details of “Security defaults”:

fig : Azure Active Directory admin center : Tenant-wide settings – “Manage Security defaults” link – Enable / Disable Security defaults

What are Security Defaults:

  • Security defaults is a set of basic identity security mechanisms recommended by Microsoft
  • Microsoft introduced Security Defaults in new M365 tenants in October 2019
  • When enabled, these recommendations are automatically enforced in our organization.
  • Administrators and users will be better protected from common identity-related attacks.
  • Security defaults help protect our organization from attacks like password spray, replay, and phishing with a few preconfigured settings:
    • Requiring all users to register for Azure AD Multi-Factor Authentication.
      • All users in the tenant must register for MFA
      • Users have 14 days to register for Azure AD Multi-Factor Authentication by using the Microsoft Authenticator app
      • This 14-day period begins after the first successful sign-in after enabling Security Defaults
      • Once the 14 days have passed, the user won't be able to sign in until registration is complete
    • Requiring administrators to perform multi-factor authentication
      • The following Azure AD roles will be required to perform MFA each time they log in
        • Global administrator
        • SharePoint administrator
        • Exchange administrator
        • Conditional Access administrator
        • Security administrator
        • Helpdesk administrator
        • Billing administrator
        • User administrator
        • Authentication administrator
    • Blocking legacy authentication protocols – I’ll write a separate article on legacy authentication protocols
    • Requiring users to perform multi-factor authentication when necessary.
    • Protecting privileged activities like access to the Azure portal.
  • Security defaults are offered free to all Office 365 subscriptions.
  • Once Security Defaults are enabled at the tenant level, they apply to all the users in the tenant. There is no way to exclude or include some users.
  • If we enable a Conditional Access policy, we won't be able to use Security Defaults

When should we use Security Defaults:

  • When we want these preconfigured security settings in place with a simple one-click switch, either on or off
  • When we need MFA for all the users in our tenant without any exception or special case
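
The on/off switch and the Conditional Access conflict described above can also be checked from a script. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed and an account allowed to consent to the listed scopes, and the `-Enable` switch is a name chosen for this example.

```powershell
# Added example: report the Security defaults state and refuse to turn it on
# while enabled Conditional Access policies exist in the tenant.
param([switch]$Enable)   # hypothetical switch for this example

$scopes = @('Policy.Read.All')
if ($Enable) { $scopes += 'Policy.ReadWrite.ConditionalAccess' }
Connect-MgGraph -Scopes $scopes

$base  = 'https://graph.microsoft.com/v1.0'
$sdUri = "$base/policies/identitySecurityDefaultsEnforcementPolicy"

# 1. Current state of the tenant-wide toggle
$sd = Invoke-MgGraphRequest -Method GET -Uri $sdUri
Write-Host "Security defaults enabled: $($sd.isEnabled)"

# 2. Collect all Conditional Access policies, following result paging
$caPolicies = @()
$next = "$base/identity/conditionalAccess/policies"
while ($next) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $next
    $caPolicies += $page.value
    $next = $page.'@odata.nextLink'
}

# This example treats only policies in state 'enabled' as conflicting
$active = @($caPolicies | Where-Object { $_.state -eq 'enabled' })
Write-Host "Enabled Conditional Access policies: $($active.Count)"
$active | ForEach-Object { Write-Host "  - $($_.displayName)" }

# 3. Optionally switch Security defaults on, but only when nothing conflicts
if ($Enable -and -not $sd.isEnabled) {
    if ($active.Count -gt 0) {
        Write-Warning 'Enabled Conditional Access policies found; Security defaults left off.'
        return
    }
    $body = @{ isEnabled = $true } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $sdUri -Body $body -ContentType 'application/json'
    Write-Host 'Security defaults are now enabled for every user in the tenant.'
}
```

Run without parameters, the script only reads and reports; with `-Enable` it requests the additional write scope before changing the setting.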

I’ll stop here for this article 🙂

Thanks for reading 🙂 If it's worth at least reading once, kindly like and share 🙂 SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.
