Mark Minasi's Tech Forum
Pieter

Senior Member
Posts: 301
Hi,
a few questions about enabling Security Defaults (*) on an Azure AD tenant
(https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)

1. If I enable it, are all users then obliged to use MFA? No exceptions?
2. Are they obliged to use it every time they log in, or just once a day?
3. Do I still have to enable MFA for each user separately in the Users blade?
4. Is it really free? No Premium P1?
5. Is it still in preview or generally available?

(*) Azure AD, Properties, [Manage Security Defaults], Enable Security defaults=YES

Pieter

__________________
Pieter Demeulemeester
wobble_wobble

Associate Troublemaker Apprentice
Posts: 937
Sorry for the late response.

1. If I enable it, are all users then obliged to use MFA? No exceptions?
 - No. All admins and users that have admin rights are enforced.
 - Exception should be the break glass account in case MFA breaks - https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access
2. Are they obliged to use it every time they log in, or just once a day?
 - It is against each unique login (open browser, open OneDrive, close browser, you'll need new MFA)
 - You can put in named networks (trusted locations)
3. Do I still have to enable MFA for each user separately in the Users blade?
 - No, this is a central policy, apply it to all users or selected groups
4. Is it really free? No Premium P1?
 - Yes-ish (as free as MS gets)
5. Is it still in preview or generally available?
 - Generally available.

My 2 cents.
Enabled MFA on all users for everything. 
Ignore trusted locations, AAD joined machines etc.
This one action will make compromised credentials less valuable.
As an MSP engineer I probably OK an MFA prompt too many times for an end user.
Tell them 3 days to fix crypto / restore servers / the pain of the Data Protection Commissioner using a microscope / costs a decent box of money, or use MFA.


No idea why it's all underlined...

__________________
Have you tried turning it off and walking away? The next person can fix it!

Pieter

Senior Member
Posts: 301
Hi, thanks for the reply.

__________________
Pieter Demeulemeester