Security Defaults in Azure AD

Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.

Microsoft is making security defaults available to everyone because managing security can be difficult. Identity-related attacks such as password spraying, replay, and phishing are common in today’s environment. Using multifactor authentication (MFA) and blocking legacy authentication stops more than 99.9% of these identity-related attacks. The goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.

With preconfigured security settings, security defaults make it easier to protect your organization from these identity-related attacks by:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multifactor authentication.
  • Requiring users to perform multifactor authentication when necessary.
  • Blocking legacy authentication protocols.
  • Protecting privileged activities like access to the Azure portal.

Security defaults were created from the start to help protect your company’s user accounts. Security defaults, when enabled, provide secure default settings that help keep your company safe by:

  • Requiring all users and administrators to register for MFA using the Microsoft Authenticator app or any third-party application that uses OATH TOTP.
  • Using MFA to challenge users, mostly when they appear on a new device or app, but more frequently for critical roles and tasks.
  • Disabling authentication from legacy authentication clients that are incapable of supporting MFA.
  • Protecting admins by requiring additional authentication each time they log in.

MFA is an important first step in securing your business, and security defaults make enabling MFA simple. If you created your subscription on or after October 22, 2019, security defaults may have been automatically enabled for you; check your settings to confirm.

Who’s it for?

Organizations that want to improve their security posture but don’t know where to begin.

Organizations that use the Azure Active Directory free tier.

Activating security defaults

If you created your tenant on or after October 22, 2019, security defaults may be enabled. Security defaults are being rolled out to all new tenants at the time of creation to protect all of our users.

To enable security defaults in your directory, do the following:

  • Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
  • Browse to Azure Active Directory > Properties.
  • Select Manage security defaults.
  • Set the Enable security defaults toggle to Yes.
  • Select Save.
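
Because security defaults block legacy authentication, it helps to know which accounts still sign in that way before the toggle is set. The following is an added example (not from the original article or from Microsoft) that scans exported sign-in records for legacy clients; the sample records are constructed, the field names follow the Microsoft Graph signIn resource, and treating every client other than the two listed as legacy is an assumption.

```python
import json
from collections import defaultdict

# Assumption: these two clientAppUsed values are the modern-authentication
# clients; any other non-empty value is counted as legacy authentication.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records (not real tenant data), shaped like entries
# from a JSON export of the sign-in log.
SAMPLE_SIGNINS = json.loads("""[
 {"createdDateTime":"2024-03-01T08:02:11Z","userPrincipalName":"alice@contoso.example","clientAppUsed":"Browser","status":{"errorCode":0}},
 {"createdDateTime":"2024-03-01T09:15:00Z","userPrincipalName":"bob@contoso.example","clientAppUsed":"IMAP4","status":{"errorCode":0}},
 {"createdDateTime":"2024-03-02T10:00:00Z","userPrincipalName":"bob@contoso.example","clientAppUsed":"POP3","status":{"errorCode":50126}},
 {"createdDateTime":"2024-03-03T07:30:00Z","userPrincipalName":"carol@contoso.example","clientAppUsed":"Exchange ActiveSync","status":{"errorCode":0}},
 {"createdDateTime":"2024-03-04T07:30:00Z","userPrincipalName":"Carol@contoso.example","clientAppUsed":"Exchange ActiveSync","status":{"errorCode":0}},
 {"createdDateTime":"2024-03-04T11:45:00Z","userPrincipalName":"dave@contoso.example","clientAppUsed":"Mobile Apps and Desktop clients","status":{"errorCode":0}},
 {"createdDateTime":"2024-03-05T12:00:00Z","userPrincipalName":"svc@contoso.example","clientAppUsed":"","status":{"errorCode":0}}
]""")


def legacy_auth_report(signins):
    """Return {user: summary} for every account seen using a legacy client."""
    acc = defaultdict(lambda: {"clients": set(), "success": 0, "failure": 0, "last_seen": ""})
    for rec in signins:
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client in MODERN_CLIENTS:
            continue  # modern client, or no client recorded: cannot classify
        # Normalise case so one mailbox is not reported twice.
        user = (rec.get("userPrincipalName") or "unknown").lower()
        entry = acc[user]
        entry["clients"].add(client)
        # errorCode 0 marks a successful sign-in; anything else is a failure.
        ok = (rec.get("status") or {}).get("errorCode", -1) == 0
        entry["success" if ok else "failure"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime", ""))
    return {u: {**e, "clients": sorted(e["clients"])} for u, e in sorted(acc.items())}


if __name__ == "__main__":
    for user, row in legacy_auth_report(SAMPLE_SIGNINS).items():
        print(f"{user:28} ok={row['success']} fail={row['failure']} "
              f"last={row['last_seen']} clients={', '.join(row['clients'])}")
```

Accounts with successful legacy sign-ins are the ones that will lose access once security defaults are on, so they are the ones to move to a modern client first.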

