Microsoft has put out a new standard for security defaults in a tenant that harden default settings in the org. Security defaults make it easier to help protect your organization from these attacks with preconfigured security settings:
- Requiring all users to register for Azure Multi-Factor Authentication.
- Requiring administrators to perform multi-factor authentication.
- Blocking legacy authentication protocols.
- Requiring users to perform multi-factor authentication when necessary.
- Protecting privileged activities like access to the Azure portal.
Now, there might be many reasons why you would not want these defaults enabled in your tenant, just remember that you will need to setup these things manually should you change the security defaults setting.
How to change security defaults in Azure/M365
- Log into https://portal.azure.com with your Global Admin account.
- Click on Azure Active Directory to navigate to that pane.
- In the list to the left, click Properties.
- Scroll to the bottom of the screen on the right and click Manage Security Defaults
- Make the appropriate change: YES/NO
- (IMPORTANT) Save the changes by clicking the Save button
This should set the defaults for your O365 tenant as you wish to have them. Please refer to the references below for more information and detail into each of the security defaults.