Azure Security Default


Security Defaults is the free replacement for Conditional Access policies (which are only available with Azure AD Premium). With it you can get the same baseline security on Azure AD Free, including MFA. Yes, MFA is free now.

There are two types of tenant:

1. Conditional Access is already implemented, so nothing needs to be done. You can still plan a transition to Security Defaults, which means going back from Azure AD P1 to Azure AD Free if you want to save some cost.

2. Conditional Access is not implemented. You are good to go and can enable Security Defaults with a single click.

1. Go to Azure Portal -> Azure Active Directory -> Properties.

2. Enable security defaults by clicking the Yes button.

You cannot enable Security Defaults if you are already using a Conditional Access policy.
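The same toggle can be driven from Microsoft Graph instead of the portal, which is useful when you manage many tenants. The example below is added here and is not part of the original post; it reads the current Security Defaults state and the tenant's Conditional Access policies, decides which of the two tenant types above you are in, and only sends the PATCH when no Conditional Access policy is in the way. The Graph endpoints and the `isEnabled` / `state` properties are the documented ones; the assumption that only policies in the `enabled` state block the toggle, the `decide` and `active_ca_policies` function names, and the token being supplied by the caller are this example's own.

```python
"""Enable Azure AD Security Defaults through Microsoft Graph.

Added example, not from the original post. Endpoints used:
  GET/PATCH /v1.0/policies/identitySecurityDefaultsEnforcementPolicy -> {"isEnabled": bool}
  GET       /v1.0/identity/conditionalAccess/policies                -> {"value": [{"state": ...}, ...]}
An access token with Policy.ReadWrite.ConditionalAccess is assumed to be supplied
by the caller; obtaining it is outside the scope of this example.
"""
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
SD_POLICY = f"{GRAPH}/policies/identitySecurityDefaultsEnforcementPolicy"
CA_POLICIES = f"{GRAPH}/identity/conditionalAccess/policies"


def active_ca_policies(policies):
    """Return the Conditional Access policies that block enabling Security Defaults.

    Assumption: only policies whose state is "enabled" count as 'already using
    Conditional Access'; report-only and disabled policies are ignored here.
    """
    return [p for p in policies if p.get("state") == "enabled"]


def decide(current, policies):
    """Classify the tenant (type 1 or type 2 from the post) and pick an action.

    current  -> isEnabled value of the Security Defaults policy
    policies -> list of Conditional Access policy objects from Graph
    Returns (action, reason) where action is "none", "keep-ca" or "enable".
    """
    if current:
        return ("none", "Security Defaults already enabled")
    blocking = active_ca_policies(policies)
    if blocking:
        names = ", ".join(p.get("displayName", "?") for p in blocking)
        return ("keep-ca", f"tenant type 1: enabled Conditional Access policies present ({names})")
    return ("enable", "tenant type 2: no enabled Conditional Access policies, safe to enable")


def graph_request(token, url, method="GET", body=None):
    """Minimal Graph call; returns the parsed JSON body, or None for an empty 204 reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def enable_security_defaults(token):
    """The 'single click' from the post, done over the API with the precondition check."""
    current = graph_request(token, SD_POLICY)["isEnabled"]
    policies = graph_request(token, CA_POLICIES)["value"]
    action, reason = decide(current, policies)
    if action == "enable":
        graph_request(token, SD_POLICY, "PATCH", {"isEnabled": True})
    return action, reason


if __name__ == "__main__":
    # Constructed sample data standing in for the Graph responses (no network needed).
    sample_policies = [
        {"displayName": "Require MFA for admins", "state": "enabled"},
        {"displayName": "Old pilot", "state": "enabledForReportingButNotEnforced"},
    ]
    print(decide(False, sample_policies))
    print(decide(False, [p for p in sample_policies if p["state"] != "enabled"]))
```

Running the script without a token only exercises `decide` on the constructed data; call `enable_security_defaults(token)` with a real token to perform the change. Keeping the decision logic separate from the HTTP call is what makes the precondition testable before anything touches the tenant.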

After enabling Security Defaults:

All users in that tenant will have MFA enabled, and each user needs to set up MFA (authenticator app, phone call or SMS) in order to access resources. There is a small catch in this.

Security Defaults does not allow you to exclude any users from MFA. This means that if the MFA service goes down, no one can access the resources. Conditional Access lets us exclude users (such as a break-glass account), so we can still access Azure resources even when the MFA service is down.

You need to decide whether you want to go with the free Security Defaults or the paid Conditional Access.
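The break-glass exclusion that Conditional Access offers looks like this as a Microsoft Graph policy payload. This is an added example, not from the original post: it builds a "require MFA for all users" policy with the emergency accounts excluded, refuses to build one with an empty exclusion list, and includes a simplified evaluation of the users condition so you can see that an excluded account is never prompted. The JSON shape follows the Graph `conditionalAccessPolicy` resource; the object IDs, function names and the simplified evaluator are this example's own.

```python
"""Conditional Access policy with a break-glass exclusion, as a Graph payload.

Added example, not from the original post. Shape follows the Microsoft Graph
conditionalAccessPolicy resource (conditions.users.includeUsers / excludeUsers,
grantControls.builtInControls = ["mfa"]). Object IDs below are constructed placeholders.
"""


def mfa_for_all_except(break_glass_ids, display_name="Require MFA for all users",
                       state="enabledForReportingButNotEnforced"):
    """Build a CA policy requiring MFA for everyone except the break-glass accounts.

    Defaults to report-only state so the policy can be reviewed before enforcement.
    Raises ValueError when no exclusion is given, since a policy without a
    break-glass account recreates the lock-out risk described for Security Defaults.
    """
    ids = list(break_glass_ids)
    if not ids:
        raise ValueError("at least one break-glass account must be excluded")
    return {
        "displayName": display_name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": ids},
            "applications": {"includeApplications": ["All"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def mfa_required(policy, user_id):
    """Simplified evaluation of the users condition: an exclusion always wins.

    This mirrors how exclusions take precedence over inclusions in Conditional
    Access; the real engine also evaluates apps, locations, device state, etc.
    """
    if policy["state"] == "disabled":
        return False
    users = policy["conditions"]["users"]
    if user_id in users.get("excludeUsers", []):
        return False
    include = users.get("includeUsers", [])
    return "All" in include or user_id in include


if __name__ == "__main__":
    # Constructed object IDs, not real accounts.
    BREAK_GLASS = ["00000000-0000-0000-0000-00000000bg01"]
    policy = mfa_for_all_except(BREAK_GLASS, state="enabled")
    print(mfa_required(policy, "00000000-0000-0000-0000-000000000123"))  # regular user
    print(mfa_required(policy, BREAK_GLASS[0]))                            # break-glass user
```

The payload is what you would POST to `/v1.0/identity/conditionalAccess/policies`; the evaluator exists only to make the page's point concrete, namely that a break-glass account stays usable when MFA is unavailable, which Security Defaults cannot express.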