Security defaults help protect you from identity-related attacks with preconfigured security settings. New Microsoft 365 accounts already have security defaults enabled, which means that all email users will be asked to register for multi-factor authentication (MFA) using the Microsoft Authenticator app. We recommend using security defaults, but you can enable or disable these settings to fit your business needs.
When security defaults are enabled, your organization’s email must be set up in clients that support modern authentication and don’t use IMAP, SMTP, or POP mail protocols (like Office 2016 and newer or Apple Mail).
Required: You need admin permissions to change security default settings. For more info, see admin roles from Microsoft.
- Sign in to the Azure portal. Use your Microsoft 365 email address and password (your ELITE WEB Co. username and password won’t work here).
- Search for Azure Active Directory.
- Under Manage, select Properties.
- Select Manage Security defaults.
- Set the Enable Security defaults toggle to Yes. Or, set the toggle to No and choose a reason for disabling.
- Select Save. You’ll see confirmation that your security defaults saved.
Required: If you already have Conditional Access policies enabled, you’ll need to disable them before you can enable security defaults. Sign in to your Conditional Access Policies and select the policy. Under Details, select Delete, and then select Yes to confirm. Repeat as needed to remove all enabled policies.
- If you disable security defaults, you can still enable multi-factor authentication for users.