Microsoft has put out a new standard for security defaults in a tenant that harden default settings in the org. Security defaults make it easier to help protect your organization from these attacks with preconfigured security settings:
Requiring all users to register for Azure Multi-Factor Authentication.
Requiring administrators to perform multi-factor authentication.
Blocking legacy authentication protocols.
Requiring users to perform multi-factor authentication when necessary.
Protecting privileged activities like access to the Azure portal.
Now, there might be many reasons why you would not want these defaults enabled in your tenant, just remember that you will need to setup these things manually should you change the security defaults setting.
How to change security defaults in Azure/M365
Log into https://portal.azure.com with your Global Admin account.
Click on Azure Active Directory to navigate to that pane.
In the list to the left, click Properties.
Scroll to the bottom of the screen on the right and click Manage Security Defaults
Make the appropriate change: YES/NO
(IMPORTANT) Save the changes by clicking the Save button
This should set the defaults for your O365 tenant as you wish to have them. Please refer to the references below for more information and detail into each of the security defaults.
MORE POSTS TO COME ON SECURITY AND COMPLIANCE! HAVE A WONDERFUL DAY!
I was going through my LinkedIn feed as I do daily and found a post with the following document. Great post and document. I wanted to add this here to my blog for reference and to share with all of you!
The document includes the following topics:
Overview Azure Active Directory Identity Protection Azure Advanced Threat Protection Azure Information Protection Office 365 Advanced Threat Protection Office 365 Cloud App Security Microsoft Cloud App Security Office 365 Advanced Data Governance Office 365 Advanced eDiscovery Office 365 Customer Key Office 365 Customer Lockbox Privileged Access Management in Office 365 Data Loss Prevention for Exchange Online, SharePoint Online, and OneDrive for Business Data Loss Prevention for Teams chat and channel conversations Information barriers Advanced Message Encryption
I just received my new laptop for my current project and was setting up Windows 10 to join the company Azure AD domain. When I got to the part where you join, I received the following error:
Turns out that my account is unable to domain join a device to the tenant. This is easily solved though. You have your tenant admin perform the following:
Go to Azure Active Directory -> Devices Check the device settings, in particular the options:
Users may join devices Maximal number of devices
Now, in my case, I did not have access as I am NOT a tenant admin:
So, I am currently waiting for my IT department to resolve the access issue and grant me access to join the device to the domain. Just be sure to look at this if you’re having issues setting up your Windows 10 device to join your Azure tenant!
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.