Quelle: Link
Security defaults make it easier to help protect your organization from identity-related attacks like password spray, replay, and phishing common in today’s environments.
Microsoft is making these preconfigured security settings available to everyone, because we know managing security can be difficult. Based on our learnings more than 99.9% of those common identity-related attacks are stopped by using multifactor authentication and blocking legacy authentication. Our goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.
These basic controls include:
- Requiring all users to register for multifactor authentication
- Requiring administrators to do multifactor authentication
- Requiring users to do multifactor authentication when necessary
- Blocking legacy authentication protocols
- Protecting privileged activities like access to the Azure portal
Who’s it for?
- Organizations who want to increase their security posture, but don’t know how or where to start.
- Organizations using the free tier of Microsoft Entra ID licensing.
Who should use Conditional Access?
- If you’re an organization with Microsoft Entra ID P1 or P2 licenses, security defaults are probably not right for you.
- If your organization has complex security requirements, you should consider Conditional Access.
Move from security defaults to Conditional Access
While security defaults are a good baseline to start your security posture from, they don’t allow for the customization that many organizations require. Conditional Access policies provide a full range of customization that more complex organizations require.
| Security defaults | Conditional Access | |
|---|---|---|
| Required licenses | None | At least Microsoft Entra ID P1 |
| Customization | No customization (on or off) | Fully customizable |
| Enabled by | Microsoft or administrator | Administrator |
| Complexity | Simple to use | Fully customizable based on your requirements |