Forum Discussion
Security Defaults and MFA
I have three 365 E3 accounts and a couple accounts without licenses. Today I enabled Security Defaults. I previously had MFA enabled on all accounts. I think this is legacy MFA. Now with Security...
Hi all,
Security Defaults requires all users to register for MFA within 14 days; however, users can postpone this registration. After 14 days, they will be forced to do the registration; however, this happens during interactive sign-ins.
If a user doesn't perform the MFA registration and a bad actor figures out the user's password, they can register their phone or authentication app as an MFA method.
It is recommended to revoke existing tokens to require all users to register for multifactor authentication. This revocation event forces previously authenticated users to authenticate and register for multifactor authentication.
https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#revoking-active-tokens
Security Defaults requires all users to register for MFA within 14 days; however, users can postpone this registration. After 14 days, they will be forced to do the registration; however, this happens during interactive sign-ins.
If a user doesn't perform the MFA registration and a bad actor figures out the user's password, they can register their phone or authentication app as an MFA method.
It is recommended to revoke existing tokens to require all users to register for multifactor authentication. This revocation event forces previously authenticated users to authenticate and register for multifactor authentication.
https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#revoking-active-tokens