How to enable Azure Active Directory security defaults in Office 365
Prerequisites
- Applies to: Administrator
- Difficulty: Moderate
- Time Needed: Approximately 30 minutes
- Tools Needed: Office 365® Global Administrator access
For more information about prerequisite terminology, see Cloud Office support terminology.
Administrators looking for a simple solution to secure their Office 365 tenant have the option of turning on security defaults for their organization. Security defaults make the following changes to your organization's tenant:
- Unifies the Multi-Factor Authentication (MFA) registration experience for all users.
- Enforces MFA for users and administrators.
- Blocks legacy authentication methods such as Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), and Post Office Protocol (POP3).
- Blocks requests made by clients that don't use modern authentication.
- Requires extra authentication when accessing highly privileged areas such as the Office 365 Admin Center and Azure® Portal.
- Requires the Microsoft® Authenticator app for MFA.
This article lists the steps to enable Azure Active Directory® security defaults.
Warning: Security defaults only support MFA by using the Microsoft Authenticator app with the notification method. If any users in your organization don't have a mobile device or are unable to use the Microsoft Authenticator app, don't enable this feature.
Enable security defaults
-
Log in to your Office 365 Control Panel.
-
From the left menu, select Office 365 Admin Center.
-
From the left menu, select Azure Active Directory under Admin centers.
Note: If you don't see the Admin centers section, you might need to select Show all....
-
Select Azure Active Directory from the left menu, then Properties.
-
Select Yes, and then Save.
Additional resources
To learn more about security defaults, see "What are security defaults?".
To learn more about setting up MFA with a mobile device, see Set up two-factor sign-in on your phone.
Updated over 1 year ago