Forum Discussion
Enabling Security Defaults seemed to have no effect; MFA policies not applied etc. (Azure AD Basic)
I manage a Basic Azure AD tenant for a small business. I just turned on Security Defaults under Properties > Manage Security Defaults but it seems to have had no effect at all. According to this ...
Hi all,
Security Defaults requires all users to register for MFA within 14 days; however, users can postpone this registration. After 14 days, they will be forced to do the registration; however, this happens during interactive sign-ins.
If a user doesn't perform the MFA registration and a bad actor figures out the user's password, they can register their phone or authentication app as an MFA method.
It is recommended to revoke existing tokens to require all users to register for multifactor authentication. This revocation event forces previously authenticated users to authenticate and register for multifactor authentication.
https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#revoking-active-tokens