Security defaults replacing baseline protection policies in Azure AD

Office 365 security defaults from February 29th 2020
Views: 270
Read Time:1 Minute, 42 Seconds

Security Defaults is the generally available version of Azure Active Directory Baseline Protection policies and is available today to all tenants. Microsoft says will be gradually replacing Baseline Protection policies with Security Defaults starting February 29th, 2020.

For the (Azure users in Zambia) who have adopted the Azure and Office 365 technology Security is very key in that environment. Especially that there are so many and overwhelming options in the Azure Active Directory Configuration. Additionally, this is a new technology but its also been moving at a very fast pace.

Fundamentally the need for Exchange System Admins to up the knowledge to the cloud and Azure is required.

What is in the Security Defaults?

Out of the box, Security Defaults arrives with these configurations

  • Require all users and admins to register for Multi-Factor Authentication (MFA)
  • Challenge users whenever Microsoft Azure systems indicate it’s necessary – mostly when users show up on a new device or app, but more often for critical roles and tasks
  • Prevent users from using legacy authentication clients, which can’t do multi-factor authentication. Security Defaults will soon block authentication requests made from Exchange Active Sync basic authentication.

How To Enable Security Defaults

Security Defaults has administrative controls to enable and disable. This feature is normally off by default but you might have it on by default if your tenant was created on or after October 22nd, 2019.

Security Defaults can be enabled/disabled by going to Azure Portal -> Properties -> Manage Security Defaults. To learn more about Security Defaults review: What are security defaults?

Security Defaults prevents users from using legacy authentication clients, which can’t do multi-factor authentication. These are normally authentication requests that are made using IMAP, SMTP, and POP3.

According to Microsoft changes updates “In the coming month, Security Defaults will begin to block Exchange Active Sync basic authentication as well. Before enabling Security Defaults, be sure to go through the legacy authentication guide to understand how to prepare for this block and move over to modern authentication.”

Leave a Comment

You must be logged in to post a comment.