Microsoft rolls out new security settings to protect accounts


To thwart password and phishing attacks, Microsoft is deploying its default security settings (Security Defaults) to a large number of Azure Active Directory (Azure AD) tenants.

Microsoft started rolling out these defaults to customers who created a new Azure AD tenant after October 2019; tenants created before October 2019 were not covered.

Today, Azure AD security defaults are in use at approximately 30 million organizations, according to Microsoft, and over the next month Microsoft plans to roll them out to many more organizations, protecting 60 million additional accounts.

“When complete, this rollout will protect an additional 60 million accounts (roughly the population of the UK!) against the most common identity attacks,” says Alex Weinert, director of identity security at Microsoft.

Azure AD is Microsoft’s cloud service for identity management and authentication for on-premises and cloud applications. It is the cloud evolution of Active Directory Domain Services.

Microsoft introduced Security Defaults in 2019 as a core set of identity security mechanisms for less well-resourced organizations that wanted to strengthen their defenses against password and phishing attacks. It was also intended for organizations on the free tier of the Azure AD license, allowing their administrators to switch on these secure settings with a single toggle in the Azure portal.

These configurations weren’t intended for large enterprises or those already using more advanced Azure AD controls like Conditional Access policies.

As Weinert explains, default security settings were introduced for new tenants to ensure they have “basic security hygiene”, including multi-factor authentication (MFA) and modern authentication, regardless of license. The 30 million organizations that have these settings in place are much less likely to be compromised, he points out.

“These organizations experience 80% fewer compromises than all tenants overall. Most tenants simply leave the system in place, while others add even more security with Conditional Access when they’re ready,” says Weinert.

Default security settings mean that users will face multi-factor authentication “if needed,” based on the user’s location, device, role and task, according to Weinert. Administrators, on the other hand, will need to use multi-factor authentication every time they log in.

Deployment of security defaults will primarily affect organizations that do not use Conditional Access, have not yet used security defaults, and are “not actively using legacy authentication”.

Thus, Exchange Online customers who are still using legacy authentication will not be able to take advantage of the default security settings. Microsoft wanted to disable legacy authentication for Exchange Online in 2020, but that was delayed by the pandemic. The deadline to transition Exchange Online to Modern Authentication is now October 1, 2022. Customers cannot request an extension beyond this date, Microsoft’s Exchange team pointed out earlier this month.
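Because a tenant that still relies on legacy authentication is excluded from the rollout, and because security defaults block those protocols once enabled, the practical first check is to find out who in the tenant is still signing in with them. The following script is an added example, not code from the article or from Microsoft; it assumes sign-in records exported from the Azure AD sign-in logs as one JSON object per line with a `clientAppUsed` field, treats the two client-app names Azure AD reports for modern authentication as modern and everything else as legacy, and runs over a constructed sample rather than a real export.

```python
"""Find legacy (basic) authentication in Azure AD sign-in log records.

Added example, not part of the article. It assumes one JSON sign-in record
per line with a `clientAppUsed` field (as in an Azure AD sign-in log export)
and uses a constructed sample instead of a real export.
"""
import json
from collections import Counter

# Client-app names Azure AD sign-in logs report for modern authentication;
# every other value (IMAP4, POP3, Exchange ActiveSync, Authenticated SMTP, ...)
# is a legacy protocol that cannot complete MFA. (Assumption for this example.)
MODERN_AUTH_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample export: a mix of modern and legacy sign-ins,
# including one failed legacy attempt (non-zero errorCode).
SAMPLE_SIGNIN_LOG = """\
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}}
{"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}}
"""


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a damaged line should not abort the whole review
    return records


def is_legacy_auth(record):
    """True when the sign-in used a protocol that cannot perform MFA."""
    return record.get("clientAppUsed", "") not in MODERN_AUTH_CLIENT_APPS


def legacy_auth_report(records, successful_only=True):
    """Summarise legacy-auth usage: per-protocol counts and the users behind them.

    Only successful sign-ins count by default: a failed legacy attempt does not
    represent a workload that will break when legacy authentication is blocked.
    """
    by_protocol = Counter()
    users_by_protocol = {}
    for rec in records:
        if not is_legacy_auth(rec):
            continue
        if successful_only and rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        app = rec.get("clientAppUsed", "unknown")
        by_protocol[app] += 1
        users_by_protocol.setdefault(app, set()).add(
            rec.get("userPrincipalName", "unknown"))
    total = sum(by_protocol.values())
    return {
        "legacy_signins": total,
        "by_protocol": dict(by_protocol),
        "users_by_protocol": {k: sorted(v) for k, v in users_by_protocol.items()},
        # No successful legacy sign-ins means enabling security defaults
        # will not cut off a working mail client or script.
        "ready_for_security_defaults": total == 0,
    }


if __name__ == "__main__":
    report = legacy_auth_report(parse_signins(SAMPLE_SIGNIN_LOG))
    print(json.dumps(report, indent=2))
```

On the sample, the report lists three successful legacy sign-ins (IMAP4, Exchange ActiveSync and Authenticated SMTP) with the accounts behind each, so the tenant is not yet ready; the failed POP3 attempt is only counted when `successful_only=False`. Against a real export the user lists are what an admin needs to migrate mail clients and scripted mailboxes to modern authentication before the defaults are switched on.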

This month, Microsoft will notify global admins of eligible Azure AD tenants via email. At the end of June, these admins will see an Outlook notification from Microsoft directing them to click “enable default security settings” and a warning that “default security settings will be enabled automatically for your organizations in 14 days”.

“Global admins can choose to enable security defaults immediately or suspend them for up to 14 days. They can also explicitly choose not to apply security defaults during this time,” says Weinert.

Once enabled, all users in a tenant will be prompted to enroll in multi-factor authentication using the Microsoft Authenticator app. Administrators must also provide a phone number.

Microsoft allows customers to disable the default security settings in the Properties section of Azure Active Directory in the Azure portal, or in the Microsoft 365 admin center.


Source: “ZDNet.com”