Changing the M365 Tenant Security Defaults through Azure

Microsoft has put out a new standard for security defaults in a tenant that harden default settings in the org. Security defaults make it easier to help protect your organization from these attacks with preconfigured security settings:

  • Requiring all users to register for Azure Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Blocking legacy authentication protocols.
  • Requiring users to perform multi-factor authentication when necessary.
  • Protecting privileged activities like access to the Azure portal.

Now, there might be many reasons why you would not want these defaults enabled in your tenant, just remember that you will need to setup these things manually should you change the security defaults setting.

How to change security defaults in Azure/M365

  • Log into https://portal.azure.com with your Global Admin account.
  • Click on Azure Active Directory to navigate to that pane.
  • In the list to the left, click Properties.
  • Scroll to the bottom of the screen on the right and click Manage Security Defaults
  • Make the appropriate change: YES/NO
  • (IMPORTANT) Save the changes by clicking the Save button
Manage Security Defaults for Tenant AAD

This should set the defaults for your O365 tenant as you wish to have them. Please refer to the references below for more information and detail into each of the security defaults.

MORE POSTS TO COME ON SECURITY AND COMPLIANCE!
HAVE A WONDERFUL DAY!

REFERENCES:
What Are Security Defaults?
Setup Multi-Factor Authentication
Security Defaults

Microsoft 365 Tenant-Level Services Licensing Guide

I was going through my LinkedIn feed as I do daily and found a post with the following document. Great post and document. I wanted to add this here to my blog for reference and to share with all of you!

The document includes the following topics:

Overview
Azure Active Directory Identity Protection
Azure Advanced Threat Protection
Azure Information Protection
Office 365 Advanced Threat Protection
Office 365 Cloud App Security
Microsoft Cloud App Security
Office 365 Advanced Data Governance
Office 365 Advanced eDiscovery
Office 365 Customer Key
Office 365 Customer Lockbox
Privileged Access Management in Office 365
Data Loss Prevention for Exchange Online, SharePoint Online, and OneDrive for Business
Data Loss Prevention for Teams chat and channel conversations
Information barriers
Advanced Message Encryption

Download your copy of this document as reference:

POSITIVE ENERGY SUCCEEDS!
PLEASE COMMENT!

Error 801c0003 when joining computer to Azure AD

I just received my new laptop for my current project and was setting up Windows 10 to join the company Azure AD domain. When I got to the part where you join, I received the following error:

Error Joining Computer to Azure AD

Turns out that my account is unable to domain join a device to the tenant. This is easily solved though. You have your tenant admin perform the following:

Go to Azure Active Directory -> Devices
Check the device settings, in particular the options:

Users may join devices
Maximal number of devices

Azure AD Settings Page

Now, in my case, I did not have access as I am NOT a tenant admin:

So, I am currently waiting for my IT department to resolve the access issue and grant me access to join the device to the domain. Just be sure to look at this if you’re having issues setting up your Windows 10 device to join your Azure tenant!

HAPPY TROUBLESHOOTING!
POSITIVE ENERGY!

References:
Issue Joining A Device To An Azure AD Tenant Domain