Logo
Increase Your Office 365 Security for Free with Security Defaults (for Admins)
Office 365; Security

Increase Your Office 365 Security for Free with Security Defaults (for Admins)

26 December 2019 By Hal Sclater

How to improve your Office 365 tenant security by configuring Security Defaults. This is a guide for Office 365 administrators.

All Office 365 customers can now significantly improve the security of their tenant regardless of which licenses they have. Previously this required Azure AD Premium P1, so this is great news for smaller customers.

Before you enable Security Defaults, be aware of the impact:

  • All users must register for MFA within 14 days.
  • Administrators will be required to use MFA every time they log in.
  • Normal users require MFA occasionally when a risky sign-in is detected.
  • Legacy authentication (Outlook 2010, IMAP, SMTP, POP3) is blocked.
  • Users accessing the Azure portal, PowerShell, or CLI require MFA.

Step 1: Check Modern Authentication

Connect to Exchange Online PowerShell and check:

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

If it’s set to false, enable it:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Step 2: Disable Legacy MFA

Go to the Microsoft 365 admin center > Users > Active Users > Multi-Factor authentication. Disable MFA for any users who have it set to Enforced — Security Defaults will replace this.

Step 3: Enable Security Defaults

Clip Image0014 Thumb

Clip Image0024 Thumb

  1. Log in to the Azure AD portal with a Global Admin account.
  2. Click Properties on the left.
  3. Click Manage Security Defaults at the bottom.
  4. Click Yes to enable, then Save.

Check Enrollment Status

Use PowerShell to see who has enrolled:

Get-MsolUser -all | Where{!$_.StrongAuthenticationMethods} | Select UserPrincipalName

Or list all users with their status:

Get-MsolUser -all | Sort-Object Userprincipalname | ft Userprincipalname, StrongAuthenticationMethods

See Increasing your account security with MFA (for users) for the user impact of enabling security defaults.

Image

Image 1