Ensure that the Security Defaults feature is enabled for Azure Active Directory (AAD) in order to help protect your organization from common attacks. The Security Defaults feature is a set of basic identity security mechanisms recommended by Microsoft and provided at no extra cost in Active Directory. The security feature recommendations will be enforced within your organization to help users and administrators to protect themselves against common identity-related attacks. When enabled, the Security Defaults feature will recommend you to:
- - Require all users and admins to register for Multi-Factor Authentication (MFA).
- - Challenge users with MFA (usually when they use a new device or application, but more often for critical roles and tasks).
- - Disable authentication from legacy authentication clients, which can't use Multi-Factor Authentication (MFA).
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
Managing access security within your organization can be challenging nowadays as common identity-related attacks such as phishing, password spraying, and replay/playback attacks are becoming more popular. Security Defaults make it easier to help protect your organization from identity-based attacks by providing you with preconfigured security settings (recommendations).
To determine if the Security Defaults feature is enabled for Azure Active Directory (AAD), perform the following actions:Note: Getting the configuration status of the AAD Security Defaults feature using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To enable the Security Defaults feature for your Microsoft Azure Active Directory, perform the following actions:Note: Enabling Security Defaults for Azure Active Directory (AAD) using Microsoft Graph API or Azure CLI is not currently supported.
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Security Defaults
Risk level: High