Description:

Security Defaults in Microsoft Entra ID (formerly Azure Active Directory) are pre-configured security settings designed to help protect your organization from common threats such as password spray attacks, credential stuffing, and other identity-based attacks. Enabling Security Defaults ensures that your organization’s accounts are protected by basic security measures, including requiring Multi-Factor Authentication (MFA) for all users and blocking legacy authentication protocols.

Rationale:

By enabling Security Defaults, your organization benefits from strong security settings that protect against common attack methods without requiring extensive manual configuration. These defaults provide a secure baseline that can help keep your organization safe until you’re ready to implement more granular security configurations. Security Defaults simplify security management and ensure a basic level of protection is in place.

Impact:

Enabling Security Defaults can have a significant positive impact on security, but may require adjustments to some services that depend on legacy authentication or other specific configurations. The enforced MFA and blocked legacy protocols could disrupt workflows if your organization relies on services that don’t support modern authentication methods.

Default Value:

By default, Security Defaults are not enabled in Microsoft Entra ID. You must manually enable them.

Pre-requisites:

  • Microsoft Entra ID (formerly Azure Active Directory) subscription.

  • Global Administrator or Privileged Authentication Administrator role permissions in Microsoft Entra ID.

Audit:

  1. Sign in to the Microsoft Entra ID portal as a Global Administrator or Privileged Authentication Administrator.

  2. Navigate to Security > Conditional Access.

  3. Verify if Security Defaults are enabled by reviewing the Manage Security Defaults settings.

Implementation Steps (Manual):

  1. Sign in to Microsoft Entra ID:

    • Sign in to the Microsoft Entra ID portal using a Global Administrator account.

  2. Navigate to Security Defaults:

    • In the Microsoft Entra ID portal, go to the Azure Active Directory section.

    • In the left-hand menu, select Properties.

    • At the bottom of the Properties pane, click on Manage Security Defaults.

  3. Enable Security Defaults:

    • In the Security Defaults settings page, you’ll see an option for Enable Security Defaults.

    • Set the toggle to Yes to enable Security Defaults.

    • Click Save to apply the changes.

  4. Confirm Configuration:

    • After enabling Security Defaults, confirm that the settings are applied by checking if the following features are active:

      • MFA for all users: Users will be prompted to register for MFA if they haven’t already.

      • Blocking legacy authentication: This ensures that authentication methods that cannot support MFA (such as basic authentication) are blocked.

      • Other default security settings: These include the enforcement of secure connections and additional layers of protection for critical accounts.

  5. Test User Authentication:

    • Test by logging in with a user account to confirm that MFA is being enforced, especially for global administrators and other critical roles.

    • Ensure that legacy authentication methods (such as IMAP or POP) are blocked for users.

  6. Monitor Compliance:

    • Regularly check the Azure AD Sign-in Logs to verify that MFA challenges are being triggered as expected and that legacy authentication attempts are blocked.
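The monitoring in step 6 can be done programmatically against an export of the sign-in logs. The script below is an added example, not part of this control or Microsoft's tooling: it reads records in the Microsoft Graph signIn schema (fields `clientAppUsed`, `authenticationRequirement`, `status.errorCode`), treats any client app other than the two modern-authentication values as legacy (a conservative assumption), and reports legacy attempts that were allowed through and successful sign-ins that were not MFA-challenged. The sample records are constructed.

```python
"""Summarise exported Entra sign-in records for the step 6 checks:
are legacy-authentication attempts blocked, and is MFA being required?
Field names follow the Microsoft Graph signIn resource; sample data is constructed."""
import json

# Client apps that use modern authentication; anything else is treated as legacy
# (assumption: conservative, so unknown client types are flagged for review).
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample export; any nonzero status.errorCode means the sign-in failed.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50076}},
 {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "POP3",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
]""")


def is_legacy(record):
    """True when the client app is not one of the modern-auth client types."""
    return record.get("clientAppUsed") not in MODERN_CLIENT_APPS


def succeeded(record):
    """Graph reports success as errorCode 0 inside the status object."""
    return record.get("status", {}).get("errorCode", 0) == 0


def assess(records):
    """Return counts and the users whose sign-ins deserve follow-up."""
    report = {"legacy_attempts": 0, "legacy_blocked": 0, "legacy_allowed": [],
              "mfa_signins": 0, "single_factor_successes": []}
    for r in records:
        if is_legacy(r):
            report["legacy_attempts"] += 1
            if succeeded(r):
                # With Security Defaults on, a successful legacy sign-in should not occur.
                report["legacy_allowed"].append(r["userPrincipalName"])
            else:
                report["legacy_blocked"] += 1
        elif succeeded(r):
            if r.get("authenticationRequirement") == "multiFactorAuthentication":
                report["mfa_signins"] += 1
            else:
                # Not necessarily a violation (users are prompted when necessary),
                # but worth reviewing, especially for administrative accounts.
                report["single_factor_successes"].append(r["userPrincipalName"])
    return report


if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_SIGNINS), indent=2))
```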

Backout Plan (Manual):

  1. Sign in to Microsoft Entra ID:

    • Sign in to the Microsoft Entra ID portal as a Global Administrator or Privileged Authentication Administrator.

  2. Navigate to Security Defaults:

    • Go to Azure Active Directory > Properties > Manage Security Defaults.

  3. Disable Security Defaults:

    • In the Security Defaults settings, set the toggle to No to disable Security Defaults.

    • Click Save to apply the changes.

  4. Test User Access:

    • After disabling Security Defaults, verify that users are no longer required to complete MFA registration and that legacy authentication protocols are not blocked.

    • Test that authentication can occur using legacy methods that were previously restricted.

  5. Review and Update Security Policies:

    • After disabling Security Defaults, review your organization’s security policies and consider implementing custom Conditional Access policies to maintain a high level of security for your users.

References: