Forum Discussion
Why is Microsoft being a bully in regard to security defaults?
Hi,
I received this email today:
The security defaults setting for your domain.com tenant will be turned on by May 11, 2023
You’re receiving this email because you’re a global administrator for domain.com.
To help protect your organization, we’re always working to improve the security of Microsoft cloud services. As part of this, we’re enabling the security defaults setting in your tenant that includes multifactor authentication, which can block more than 99.9 percent of identity attacks that attempt to compromise your accounts.
When you log in to your account between April 27, 2023, and May 11, 2023, you’ll see a message prompting you to proactively enable security defaults. If you haven’t logged in or enabled this setting when that timeframe ends, we’ll enable it for you automatically.
This is my subscription, I pay for it and Microsoft has no right to tell me what to do!!!! Angry
I already disabled my security defaults in Azure admin centre a long time ago and do not want security defaults on because there may be situations where my mobile is unavailable, there is no signal or the battery is flat.
Microsoft can suggest this, but cannot force their clients to enable this if they don't want to. There are many of my clients that don't want to authenticate a second time because it would cause a nightmare with their employees.
Forcing someone is dictatorship. In a democratic society people get to choose what they want to do.
I read that I can use conditional access policies but Microsoft is going to hit you with an additional Azure AD Premium subscription on top of what you are already paying. Many of my clients are small businesses who try to keep their costs down.
Currently inflation is rampant and many small businesses are going bust.
Thanks Microsoft for increasing our cost of living and running a business.
This is my 2 cents worth on this subject.
Yes, we can consider to opt-out to fit our organization requirement
- Horizon_ITCopper Contributor
I hate security default, forcing sodding auth apps, great until the user changes phone and loses them all, or the back up isn't 100%.
I'm all for 2FA, but simple text message is WAY better.