Enable Security Defaults

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: High (not acceptable risk)
Rule ID: ActiveDirectory-024

Ensure that the Security Defaults feature is enabled for Azure Active Directory (AAD) in order to help protect your organization from common attacks. The Security Defaults feature is a set of basic identity security mechanisms recommended by Microsoft and provided at no extra cost in Active Directory. The security feature recommendations will be enforced within your organization to help users and administrators to protect themselves against common identity-related attacks. When enabled, the Security Defaults feature will recommend you to:

  • - Require all users and admins to register for Multi-Factor Authentication (MFA).
  • - Challenge users with MFA (usually when they use a new device or application, but more often for critical roles and tasks).
  • - Disable authentication from legacy authentication clients, which can't use Multi-Factor Authentication (MFA).

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Security

Managing access security within your organization can be challenging nowadays as common identity-related attacks such as phishing, password spraying, and replay/playback attacks are becoming more popular. Security Defaults make it easier to help protect your organization from identity-based attacks by providing you with preconfigured security settings (recommendations).


Audit

To determine if the Security Defaults feature is enabled for Azure Active Directory (AAD), perform the following actions:

Note: Getting the configuration status of the AAD Security Defaults feature using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Portal

01 Sign in to the Azure Management Portal.

02 Navigate to Azure Active Directory blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the blade navigation panel, under Manage, select Properties

04 On the Properties page, choose Manage Security defaults to access the feature configuration panel.

05 On the Enable Security defaults panel, check the Enable Security defaults configuration status. If Enable Security defaults is set to No, the Security Defaults feature is not currently enabled for your Microsoft Azure Active Directory.

06 Repeat steps no. 3 – 5 for each Azure Active Directory (AAD) that you want to examine.

Remediation / Resolution

To enable the Security Defaults feature for your Microsoft Azure Active Directory, perform the following actions:

Note: Enabling Security Defaults for Azure Active Directory (AAD) using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Portal

01 Sign in to the Azure Management Portal.

02 Navigate to Azure Active Directory blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the blade navigation panel, under Manage, select Properties.

04 On the Properties page, choose Manage Security defaults to access the feature configuration panel.

05 On the Enable Security defaults panel, select Yes under Enable Security defaults to enable the Security Defaults feature for your Microsoft Azure Active Directory. Choose Save to apply the changes. If the change request is successful, the following message should be displayed: "Successfully saved Security defaults policy".

06 Repeat steps no. 3 – 5 for each Azure Active Directory (AAD) that you want to reconfigure in order to enable Security Defaults.

References

Publication date Sep 19, 2021

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Enable Security Defaults

Risk level: High