Azure and Microsoft 365 Security: What are Security Defaults?

 

Microsoft recently released Security Defaults to help customers make their Microsoft 365 and Azure environments more secure FOR FREE.  Before you say it… you’re right… nothing is free, it’s included at no additional cost.  Microsoft is making these features available to everyone because identity-based attacks have skyrocketed over the last couple of years.  As Microsoft states, the goal of these policies is to ensure that all organizations have a baseline level of security enabled at no extra cost.

 

NOTE: In December 2019, Microsoft announced that Baseline Policies are being deprecated and therefore removed from Azure AD starting in February 2020. Security Defaults will be the replacement.

 

So, what in the world are Security Defaults?!  To understand Security Defaults, you need to understand Baseline Policies and Conditional Access.

 

Conditional Access gives you the ability to enforce access requirements when specific conditions occur.  These policies can be complex to meet a wide variety of scenarios, but here are a couple of examples Microsoft gives. You can read more about Conditional Access here.

 

Conditions | Controls
When any user is outside the company network | They’re required to sign in with multi-factor authentication
When users in the ‘Managers’ group sign in | They are required to be on an Intune compliant or domain-joined device

 

Baseline Policies are a base level of Conditional Access policies that companies can implement at no additional cost.  Conditional Access Policies also do not work with Baseline Policies. If you are licensed with Azure AD Premium, you can customize Conditional Access policies and therefore you don’t need the baseline policies.

 

Here are the 4 policies that are applied:

 

  • Require MFA for admins
  • End user protection
  • Block legacy authentication
  • Require MFA for service management

 

You can read more about Baseline Policies here.

 

Baseline Security Policies and Conditional Access are applied in the same location in Azure AD.

  • In Azure AD, select Security.  Then on the Security – Getting started window, select Conditional Access.

 

 

Will someone please tell me what Security Defaults are finally? The short answer is that they are a new name for Baseline Policies but implemented by a simple toggle switch in Azure AD, instead of applying individual Baseline Policies.  If you’re serious about security within your environment, we highly recommend upgrading to a plan that includes Azure AD Premium. At a minimum, you should enable Security Defaults to protect your admins and users from identity attack and compromise.

 

You can read more about Security Defaults here.

 

In Azure AD, click on Properties.  On the Directory Properties page, scroll to the bottom and click Manage Security defaults. Then toggle the Enable Security defaults to Yes and Save.
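To confirm the result after changing the toggle, the Python below is an added example (not CloudServus or Microsoft code) that checks an exported tenant configuration against the four protections listed above. It assumes JSON shaped like Microsoft Graph's identitySecurityDefaultsEnforcementPolicy and conditionalAccessPolicy resources; the sample data, the role placeholder and the matching rules (including treating "End user protection" as MFA for all users) are constructed simplifications.

```python
# Added example: audit exported tenant policy JSON against the four baseline protections.
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # clientAppTypes values for legacy protocols
AZURE_MGMT_APP = "797f4846-ba00-4fd7-ba43-dac1f8f63013"  # Windows Azure Service Management API
BASELINE = ("Require MFA for admins", "End user protection",
            "Block legacy authentication", "Require MFA for service management")


def baseline_coverage(security_defaults, ca_policies):
    """Map each of the four baseline protections to True/False for this tenant."""
    if security_defaults.get("isEnabled"):
        return dict.fromkeys(BASELINE, True)  # per the page, one toggle applies all four
    covered = dict.fromkeys(BASELINE, False)
    for p in ca_policies:
        if p.get("state") != "enabled":  # disabled and report-only policies enforce nothing
            continue
        cond = p.get("conditions") or {}
        users = cond.get("users") or {}
        apps = set((cond.get("applications") or {}).get("includeApplications") or [])
        clients = set(cond.get("clientAppTypes") or [])
        controls = set((p.get("grantControls") or {}).get("builtInControls") or [])
        all_users = "All" in (users.get("includeUsers") or [])
        targets_roles = bool(users.get("includeRoles"))
        if "mfa" in controls and "All" in apps:
            covered[BASELINE[0]] |= all_users or targets_roles
            covered[BASELINE[1]] |= all_users  # assumption: approximated as MFA for every user
        if "mfa" in controls and all_users and apps & {"All", AZURE_MGMT_APP}:
            covered[BASELINE[3]] = True
        if "block" in controls and all_users and LEGACY_CLIENTS <= clients:
            covered[BASELINE[2]] = True
    return covered


def gaps(security_defaults, ca_policies):
    """Names of baseline protections that nothing in the export enforces."""
    return [n for n, ok in baseline_coverage(security_defaults, ca_policies).items() if not ok]


# Constructed sample: Security Defaults off, one enforced policy and one report-only policy.
SAMPLE_DEFAULTS = {"isEnabled": False}
SAMPLE_POLICIES = [
    {"displayName": "MFA for admin roles", "state": "enabled",
     "conditions": {"users": {"includeRoles": ["<admin-role-template-id placeholder>"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"builtInControls": ["block"]}},
]
```

With the sample data, only the admin MFA protection is covered; the legacy-authentication block is still a gap because its policy is in report-only state.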

 

 

Some of our customers have already implemented Security Defaults, so Microsoft has removed Baseline policies from the Conditional Access – Policies screen.

 

 

#MultiFactorAuthentication #MFA #Security #Microsoft365 #Office365 #Azure #ConditionalAccess #SecurityDefaults #AzureAD

 
