Azure AD – You can now enable default security settings for Azure AD

DISCLAIMER it needs to be carefully review before implementing as it will enforce the security configuration.

Microsoft has release an option to simply and automatically enabled a default security configuration on Azure AD; this includes:

  • Enforcement of MFA for privileged accounts – all administrator types account),
  • All users are required to be registered for MFA (a 14 days delay applies, letting end-user enough time to comply)
  • Legacy authentication blocked (old office client, IMAP/POP – SMTP but no Exchange ActiveSync
  • Enforcement of MFA for privileged actions – like PowerShell, Azure Cli activities

Once you have reviewed and prepared for it, you can enable it by accessing either your Azure portal (https://portal.azure.com) or Azure Active Directory portal (https://aad.portal.azure.com) to access your Azure Active Directory options

image  image

Then go to the Properties blade and click on Manage security default available below Access and management for Azure resources

image

This opens a side blade on the left, showing the current state (default is disabled), with the option to turn it on or off

image

Leave a Comment

Your email address will not be published. Required fields are marked *