Azure AD – You can now enable default security settings for Azure AD

DISCLAIMER it needs to be carefully review before implementing as it will enforce the security configuration.

Microsoft has release an option to simply and automatically enabled a default security configuration on Azure AD; this includes:

  • Enforcement of MFA for privileged accounts – all administrator types account),
  • All users are required to be registered for MFA (a 14 days delay applies, letting end-user enough time to comply)
  • Legacy authentication blocked (old office client, IMAP/POP – SMTP but no Exchange ActiveSync
  • Enforcement of MFA for privileged actions – like PowerShell, Azure Cli activities

Once you have reviewed and prepared for it, you can enable it by accessing either your Azure portal ( or Azure Active Directory portal ( to access your Azure Active Directory options

image_thumb[1]  image_thumb

Then go to the Properties blade and click on Manage security default available below Access and management for Azure resources


This opens a side blade on the left, showing the current state (default is disabled), with the option to turn it on or off


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies