Microsoft Security Default

May 23, 2024

About Microsoft Enabling Security Defaults for Azure Active Directory
Microsoft has begun notifying customers that all Office 365 users will be required to enroll in Azure MFA. This article describes the potential impact on Passly Federated organizations already protected by Passly 2FA, and the available solutions.

Overview

Microsoft has begun notifying customers that all Office 365 users will be required to enroll in Azure MFA. This is part of Microsoft's planned broader release of the MFA requirements first introduced in October 2019 under the name Security Defaults. Security Defaults is a setting outside of Conditional Access that enables Multi-Factor Authentication, and it is planned to become more broadly available at all license tiers. The broader release will begin by targeting tenants created before October 2019 that have not changed any security settings since deployment. This article describes the potential impact on Passly Federated organizations already protected by Passly 2FA, and the available solutions.

Problem

If Conditional Access is in use in an environment, security defaults won't be available.
Enabling Security Defaults will effectively turn on MFA by default. Users will be required to enroll in Azure MFA.
Office 365 imports, provisioning, and updates to SSO domain federation may begin to malfunction:
  Office 365 domain federation cannot be updated (existing federated domains are not expected to be impacted).
  All new Office 365 provisioning and imports will fail (already provisioned users will not be impacted).
  User and Universal Sync will not work if the Azure admin credentials provided to Passly require 2FA.
  Imports will not work unless the customer has provided admin consent to Passly.
Users may enter an infinite sign-on loop, as detailed in "Passly 2FA satisfies Azure AD MFA requirement".

Workaround

If you have used Passly via the Graph API to federate Microsoft 365, we suggest disabling Security Defaults.

  1. Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
  2. Browse to Azure Active Directory > Properties.
  3. Select Manage security defaults.
  4. Set Enable Security defaults to Disabled.
    Note: this step is not recommended if you are not working with a federated application.
  5. Select Save.
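
Before changing the setting, the tenant state behind the Problem list above can be read without modifying anything. The following PowerShell is an added example, not part of the original article or of Passly's tooling; it assumes the Microsoft Graph PowerShell SDK is installed and an account that can consent to the Policy.Read.All and Domain.Read.All scopes.

```powershell
# Added example: read-only pre-check. It makes no changes to the tenant.
# Assumption: the Microsoft Graph PowerShell SDK (Microsoft.Graph modules) is installed.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Domain.Read.All'

# Current state of the "Enable Security defaults" toggle.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

# Conditional Access policies. Per the article, Security Defaults
# is not available when Conditional Access is in use.
$caPolicies = @(Get-MgIdentityConditionalAccessPolicy -All)
$caEnabled  = @($caPolicies | Where-Object { $_.State -eq 'enabled' })

# Domains whose sign-in is federated to an external identity provider.
$federated = @(Get-MgDomain -All |
    Where-Object { $_.AuthenticationType -eq 'Federated' })

# One summary object so the result can be logged or exported.
$report = [pscustomobject]@{
    SecurityDefaultsEnabled      = [bool]$defaults.IsEnabled
    ConditionalAccessPolicies    = $caPolicies.Count
    ConditionalAccessEnabled     = $caEnabled.Count
    FederatedDomains             = ($federated.Id -join ', ')
}
$report | Format-List

if ($report.SecurityDefaultsEnabled -and $federated.Count -gt 0) {
    Write-Warning ('Security Defaults is enabled and federated domains exist: ' +
        'this tenant matches the scenario described in this article.')
}
elseif ($caEnabled.Count -gt 0) {
    Write-Output 'Conditional Access is in use; MFA is governed by those policies.'
}
else {
    Write-Output 'Security Defaults is disabled or no federated domains were found.'
}

Disconnect-MgGraph | Out-Null
```

Keeping the output of this check alongside the change record documents the tenant's MFA posture before Security Defaults is disabled.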
