Forum Discussion

Eddie78723's avatar
Eddie78723
Copper Contributor
Apr 18, 2020

Security Defaults Allows Setting Up SMS

The web page below states that if your tenant space is using Security Defaults, which ours is, then everyone must setup MFA in 14 days and the ONLY method to use is the Microsoft Authenticator App.  ...
PeterRising's avatar
PeterRising
MVP
Apr 18, 2020

Eddie78723 

 

I'm not sure what the experience will be, as i've not been in the position you are in.  However, I would imagine that what you suspect will be what occurs after 14 days.  Can't be sure though. You just never can tell for sure sometimes with Microsoft.

 

What I would say is that it's far more preferable in my opinion to control these settings yourself if you can.  IE, turn off the security defaults in favour of deploying your own Conditional Access Policies and doing things like blocking legacy authentication.  This will allow you to test at your own pace, enable CA policies to pilot users/groups, and run in reporting mode etc.  Far better way in my opinion.  Security defaults in theory are a good idea, but some organisations could get into trouble with them if they suddenly find blanket settings applied.

Resources