Apr 19 2020
- last edited on
Jan 14 2022
I manage a Basic Azure AD tenant for a small business.
I just turned on Security Defaults under Properties > Manage Security Defaults but it seems to have had no effect at all. According to this document, https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-d... , this should have made a number of changes including but not limited to:
After enabling security defaults I checked the Security Identity Score and it is unchanged and recommending enabling policies that security defaults should have fixed.
I can't enable these policies manually as we have Azure AD Basic. This situation of documented Azure AD functionality requiring a Premium upgrade is getting ridiculous. At the very least Basic should have applied Security Defaults as documented.
Apr 19 2020 07:39 PM - edited Apr 19 2020 07:41 PM
If you were able to save the changes and Security Default applied-
I think the best way to test the Security Defaults and see if applied- sign in with Admin Account and see if you get prompted for MFA, it should prompt every time you login.
I have found that users don't get prompted for MFA, unless they are doing something like accessing sensitive information or logging on from another country.
Security score will change after sometime but not instantly.
Apr 23 2020 01:56 AM
@Moe_Kinani you were right my security score is bumped up considerably now and the policies are definitely enable as my new users are getting grilled by AD when choosing passwords.
Obviously takes few days for changes to be reflected here.