How to Enable “Security Defaults” in Azure and Office 365

Security Defaults in Azure Portal. IMPORTANT: SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS.

What does Security Defaults give you? When enabled, Security Defaults provides the following preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Azure Active Directory security defaults | Microsoft Docs

How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save
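The same check can be scripted instead of clicked through. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed, and the function name `Test-SecurityDefaults` is hypothetical. It reports whether Security Defaults is on and, with `-Enable`, turns it on unless enabled Conditional Access policies are present.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

# Test-SecurityDefaults is a hypothetical name used for this example.
function Test-SecurityDefaults {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Turn Security Defaults on if it is found to be off.
        [switch]$Enable
    )

    # Reading needs Policy.Read.All; the write scope is requested only when enabling.
    $scopes = @('Policy.Read.All')
    if ($Enable) { $scopes += 'Policy.ReadWrite.ConditionalAccess' }
    Connect-MgGraph -Scopes $scopes | Out-Null

    $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    if ($policy.IsEnabled) {
        Write-Host 'Security Defaults: ENABLED'
        return $true
    }
    Write-Warning 'Security Defaults: NOT ENABLED'

    # Per Microsoft's documentation, Security Defaults cannot be switched on
    # while Conditional Access policies are enabled, so list any that are.
    try {
        $enabledCa = @(Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop |
            Where-Object State -eq 'enabled')
    } catch {
        Write-Warning "Could not read Conditional Access policies: $($_.Exception.Message)"
        $enabledCa = @()
    }
    if ($enabledCa.Count -gt 0) {
        Write-Warning "$($enabledCa.Count) enabled Conditional Access policies found:"
        $enabledCa | ForEach-Object { Write-Warning "  $($_.DisplayName)" }
        return $false
    }

    if ($Enable -and $PSCmdlet.ShouldProcess('tenant', 'Enable Security Defaults')) {
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter @{ isEnabled = $true }
        # Read the policy back so the result reflects what the tenant now reports.
        return [bool](Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled
    }
    return $false
}

# Read-only check; add -Enable (optionally with -WhatIf) to change the setting.
Test-SecurityDefaults
```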

Useful links:

Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine

Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)

Office 365, Legacy Applications and MFA

Some legacy applications don’t support MFA. This is a solution to enable the apps to continue to function when MFA is enabled for a user in Office 365.

How to create an “Additional Security Verification” app password

Browse to https://portal.office.com/account/

Click “Security & Privacy” then click “Manage Security and Privacy”

Expand / Click on “Additional Security Verification”

Click “Create and manage app passwords”

Click “Create”

Enter a name, for example “Diary Sync”, and click “Next”

Click “copy password to clipboard” (YOU NEED THIS PASSWORD)

(password above example only)

Some might get this error. Copy the password. (Shortcut to copy: Ctrl + A, then Ctrl + C)

(password above example only)

Click “Close”

You now have an application password which you can use with your legacy application without MFA causing any integration problems.