Written by Jake Mowrer, Principal Program Manager – Partner Security, for the Cybersecurity blog
“If only multifactor authentication was enforced for that user account.” This phrase is all too familiar to security responders investigating incidents. Attacks such as brute force, password spraying, and phishing continue to be effective tools that grant attackers unauthorized access to systems. To help combat these techniques, we are taking the next step in our journey to zero trust to protect the full customer and partner ecosystem by turning on Microsoft Azure Active Directory security defaults for customers. This blog’s focus is to help our partners who manage their customers’ tenants understand this change so they can be proactive and enable the defaults for their customers today.
About Azure Active Directory security defaults
In a recent blog post, we announced that we are rolling out security defaults to existing Azure Active Directory tenants. Multifactor authentication, or MFA, is an important part of security defaults, and continues to prove effective against 99.9% of identity-related attacks. This rollout will include customer tenants that are managed by Microsoft partners. Customer tenants that meet one or more of the following criteria are not currently eligible for the security defaults rollout; in these cases, we’re asking partners to work with their customers to ensure MFA is turned on for all accounts in the customer’s Azure AD tenant:
- The tenant is currently using Conditional Access policies. You can view existing Conditional Access policies, and gain insight into ways to improve existing policies and coverage, by using the new Conditional Access Overview page.
- The tenant has turned off security defaults in the past.
- The tenant currently has apps using legacy authentication. You can determine if your customer is using apps that use legacy authentication by following this article.
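An added example, not from the original post or from Microsoft: a Python check for the third criterion, run over an exported sign-in log to list which apps and accounts still sign in with legacy authentication. It assumes the records use the Microsoft Graph sign-in field names (`clientAppUsed`, `appDisplayName`, `userPrincipalName`, `status.errorCode`) and that only "Browser" and "Mobile Apps and Desktop clients" denote modern authentication; the sample records are constructed.

```python
from collections import defaultdict

# Assumption: only these clientAppUsed values indicate modern authentication;
# any other value (for example IMAP4 or POP3) is treated as legacy.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}


def legacy_auth_usage(sign_ins):
    """Map (app, client, user) -> {"ok": n, "failed": n} for legacy-client sign-ins."""
    usage = defaultdict(lambda: {"ok": 0, "failed": 0})
    for rec in sign_ins:
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client.lower() in MODERN_CLIENTS:
            continue  # modern client, or no client recorded so it cannot be classified
        key = (rec.get("appDisplayName") or "unknown app", client,
               (rec.get("userPrincipalName") or "unknown user").lower())
        # An errorCode of 0 means the sign-in succeeded.
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        usage[key]["ok" if succeeded else "failed"] += 1
    return dict(usage)


def apps_depending_on_legacy_auth(sign_ins):
    """Apps with a successful legacy sign-in; these stop working once legacy auth is blocked."""
    usage = legacy_auth_usage(sign_ins)
    return sorted({app for (app, _, _), counts in usage.items() if counts["ok"]})


EXO = "Office 365 Exchange Online"
# Constructed sample records, not real tenant data.
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "scanner@contoso.example", "appDisplayName": EXO,
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "Scanner@contoso.example", "appDisplayName": EXO,
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": EXO,
     "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "appDisplayName": EXO,
     "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@contoso.example", "appDisplayName": EXO,
     "clientAppUsed": None, "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    for (app, client, user), counts in sorted(legacy_auth_usage(SAMPLE_SIGN_INS).items()):
        print(f"{app:28} {client:8} {user:26} ok={counts['ok']} failed={counts['failed']}")
    print("Apps to migrate first:", apps_depending_on_legacy_auth(SAMPLE_SIGN_INS))
```

Accounts that show only failed legacy sign-ins have no working dependency on legacy authentication, so they do not need an app migration before MFA is enforced.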
Customers depend on you, our partners, to secure their Azure Active Directory environment against attackers. To step up to this challenge, if your customer is not already using Conditional Access policies to enforce MFA, we encourage you to turn on security defaults now in your customers’ Azure AD tenants rather than waiting for us to deploy it to your customer. Below, we have provided the step-by-step instructions for how partners can roll this out today.
Read the full article