Hey folks, In 2012, we started the Identity security and protection team for our consumer accounts (Microsoft accounts used for signing in to OneDrive, Skype, Xbox and such). We started out by do...
Updated Nov 09, 2023
Version 8.0
Blog Post
I implemented Security Defaults for one of my tenants, and configured MFA for an end user account. I then tested logging into office.com from several different computers, in geographically different locations and found that it does not always prompt for secondary authentication. For example, i logged into my customer's office.com account from my home pc and it did not prompt. We are in the same physical town, a few miles away from each other. I then tried the same thing from a computer about 10 miles away in a different town and it did not prompt for mfa. I then attempted to login from a computer in a different state and it DID prompt for mfa. When i inspect the azure login logs, every login says it is using the "Security Defaults" policy, but it is NOT prompting for 2fa authentication in many circumstances. Is there a document available that explains, in detail, under what circumstances Security Defaults will prompt the end user for MFA authentication?