DISCLAIMER: Review this carefully before implementing it, as it will enforce the security configuration.
Microsoft has released an option to simply and automatically enable a default security configuration on Azure AD. This includes:
- Enforcement of MFA for privileged accounts (all administrator account types)
- All users are required to register for MFA (a 14-day delay applies, giving end users enough time to comply)
- Legacy authentication blocked (old Office clients, IMAP/POP, SMTP, but not Exchange ActiveSync)
- Enforcement of MFA for privileged actions, such as PowerShell and Azure CLI activities
Once you have reviewed and prepared for it, you can enable it from either the Azure portal (https://portal.azure.com) or the Azure Active Directory portal (https://aad.portal.azure.com); open your Azure Active Directory options.
Then go to the Properties blade and click Manage Security defaults, located below Access and management for Azure resources.
This opens a side blade on the left showing the current state (disabled by default), with the option to turn it on or off.
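
One way to prepare before turning the setting on is to find the accounts that still sign in successfully with the legacy protocols listed above. The following script is an added example, not part of the original post: it assumes a JSON export of Azure AD sign-in logs using the Microsoft Graph field names `userPrincipalName`, `clientAppUsed` and `status.errorCode`, and the mapping of old Office clients to the `Other clients` value is an assumption.

```python
import json
from collections import Counter

# clientAppUsed values for the protocols the list above says get blocked.
# Treating "old Office client" as "Other clients" is an assumption.
BLOCKED = {"IMAP4", "POP3", "Authenticated SMTP", "Other clients"}
# Legacy protocol the list above says is not blocked; reported separately.
NOT_BLOCKED = {"Exchange ActiveSync"}

# Constructed sample records (not real tenant data).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "Alice@contoso.example", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "scanner@contoso.example",
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example",
     "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "POP3",
     "status": {"errorCode": 50126}},  # failed sign-in, ignored
])


def legacy_auth_report(export_json):
    """Count successful legacy sign-ins per (user, client).

    Returns (will_break, unaffected): two dicts keyed by (upn, client).
    """
    will_break, unaffected = Counter(), Counter()
    for rec in json.loads(export_json):
        # Only successful sign-ins represent a working flow that would stop.
        if (rec.get("status") or {}).get("errorCode", 0) != 0:
            continue
        upn = (rec.get("userPrincipalName") or "unknown").lower()
        client = rec.get("clientAppUsed") or ""
        if client in BLOCKED:
            will_break[(upn, client)] += 1
        elif client in NOT_BLOCKED:
            unaffected[(upn, client)] += 1
    return dict(will_break), dict(unaffected)


if __name__ == "__main__":
    broke, kept = legacy_auth_report(SAMPLE_EXPORT)
    for (upn, client), n in sorted(broke.items()):
        print(f"WILL BREAK  {upn:28} {client:20} {n} sign-in(s)")
    for (upn, client), n in sorted(kept.items()):
        print(f"legacy, kept {upn:27} {client:20} {n} sign-in(s)")
```

Accounts in the first group need a modern-authentication client or another plan (for example a relay for devices that send mail over SMTP) before the setting is switched on.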