Security defaults in Microsoft Entra ID


Security defaults make it easier to help protect your organization from identity-related attacks such as password spray, replay, and phishing, which are common in today’s environments.

Microsoft is making these preconfigured security settings available to everyone because we know managing security can be difficult. Based on our learnings, more than 99.9% of those common identity-related attacks are stopped by using multifactor authentication and blocking legacy authentication. Our goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.

These basic controls include:

Who’s it for?

  • Organizations who want to increase their security posture, but don’t know how or where to start.
  • Organizations using the free tier of Microsoft Entra ID licensing.

Who should use Conditional Access?

  • If you’re an organization with Microsoft Entra ID P1 or P2 licenses, security defaults are probably not right for you.
  • If your organization has complex security requirements, you should consider Conditional Access.

Move from security defaults to Conditional Access

While security defaults are a good baseline to start your security posture from, they don’t allow for the customization that many organizations require. Conditional Access policies provide a full range of customization that more complex organizations require.

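|                   | Security defaults            | Conditional Access                            |
|-------------------|------------------------------|-----------------------------------------------|
| Required licenses | None                         | At least Microsoft Entra ID P1                |
| Customization     | No customization (on or off) | Fully customizable                            |
| Enabled by        | Microsoft or administrator   | Administrator                                 |
| Complexity        | Simple to use                | Fully customizable based on your requirements |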