Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable Security Defaults

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: ActiveDirectory-024

Ensure that the Security Defaults feature is enabled for Microsoft Entra ID in order to help protect your organization from common attacks. The Security Defaults feature is a set of basic identity security mechanisms recommended by Microsoft and provided at no extra cost in Microsoft Entra ID. The security feature recommendations will be enforced within your organization to help users and administrators to protect themselves against common identity-related attacks. When enabled, the Security Defaults feature will recommend you to:

  • Require all users and admins to register for Multi-Factor Authentication (MFA).
  • Challenge users with MFA (usually when they use a new device or application, but more often for critical roles and tasks).
  • Disable authentication from legacy authentication clients, which can't use Multi-Factor Authentication (MFA).

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security

Managing access security within your organization can be challenging nowadays as common identity-related attacks such as phishing, password spraying, and replay/playback attacks are becoming more popular. Security Defaults make it easier to help protect your organization from identity-based attacks by providing you with preconfigured security settings (recommendations).

Audit

To determine if the Security Defaults feature is enabled for Microsoft Entra ID, perform the following actions:

Note: Getting the configuration status of the Microsoft Entra ID Security Defaults feature using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Portal

01 Sign in to the Azure Management Portal.

02 Navigate to Microsoft Entra ID blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the blade navigation panel, under Manage, select Properties.

04 On the Properties page, choose Manage Security defaults to access the feature configuration panel.

05 On the Enable Security defaults panel, check the Enable Security defaults configuration status. If Enable Security defaults is set to No, the Security Defaults feature is not currently enabled for your Microsoft Entra ID.

06 Repeat steps no. 3 – 5 for each Microsoft Entra ID that you want to examine.

Remediation / Resolution

To enable the Security Defaults feature for your Microsoft Entra ID, perform the following actions:

Note: Enabling Security Defaults for Microsoft Entra ID using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Portal

01 Sign in to the Azure Management Portal.

02 Navigate to Microsoft Entra ID blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the blade navigation panel, under Manage, select Properties.

04 On the Properties page, choose Manage Security defaults to access the feature configuration panel.

05 On the Enable Security defaults panel, select Yes under Enable Security defaults to enable the Security Defaults feature for your Microsoft Entra ID. Choose Save to apply the changes. If the change request is successful, the following message should be displayed: "Successfully saved Security defaults policy".

06 Repeat steps no. 3 – 5 for each Microsoft Entra ID that you want to reconfigure in order to enable Security Defaults.

References

Publication date Sep 19, 2021

Related ActiveDirectory rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Enable Security Defaults

Risk Level: High