Summary
Important: Enable security defaults on your CSP tenants.
Impacted audience
All Office 365 services
Details
We strongly encourage you to implement MFA immediately to raise the security baseline of your tenant. Starting March 11, 2024, we will begin rolling out security defaults on all tenants that either don’t already have MFA or have per-user MFA.
To learn more, please review the documentation on security defaults. For assistance, please contact support.
Next Steps
- Implement MFA—Immediately enable MFA via security defaults or Conditional Access by following the security defaults guidance.
- Retest your individual users if they can login after MFA is enabled and configured.
Key Details About Security Defaults
What Happens When Security Defaults Are Implemented?
- Once the security defaults are implemented, every user in the organization must register for MFA within 14 days.
- When users sign into their account, they will see a prompt to set up the Microsoft Authenticator app. Users can choose to get started with the app or defer the action. After 14 days, the option to defer set-up will disappear.
- Users should install the Microsoft Authenticator app on their mobile device and register their account. Please refer to the Microsoft Authenticator app guidance for specific instructions.
Can Security Defaults Be Disabled Once They’ve Been Implemented By Microsoft?
Yes. However, we strongly recommend that security defaults remain enabled unless you have determined other security protections for your CSP tenant that include MFA, such as Conditional Access.
What If We Are Using Legacy Authentication Protocol?
We recommend deprecating legacy authentication and using security defaults or Conditional Access. To prepare to move away from legacy authentication, please review the sign-ins using legacy authentication workbook and the guidance on how to block legacy authentication.
Supporting Articles:
How to configure MFA for O365
https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
How to Migrate Legacy MFA to the Microsoft Entra Authentication Method
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage
How to re register MFA and Delete old App passwords
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options