articles/active-directory/fundamentals/concept-fundamentals-security-defaults.md
Lines changed: 18 additions & 10 deletions
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: conditional-access
8
8
ms.topic: conceptual
9
-
ms.date: 02/11/2022
9
+
ms.date: 03/01/2022
10
10
11
11
ms.author: joflore
12
12
author: MicrosoftGuyJFlo
@@ -39,12 +39,12 @@ Microsoft is making security defaults available to everyone. The goal is to ensu
39
39
40
40
### Who's it for?
41
41
42
-
-If you're an organization that wants to increase your security posture but you don't know how or where to start, security defaults are for you.
43
-
-If you're an organization using the free tier of Azure Active Directory licensing, security defaults are for you.
42
+
-Organizations who want to increase their security posture, but don't know how or where to start.
43
+
-Organizations using the free tier of Azure Active Directory licensing.
44
44
45
45
### Who should use Conditional Access?
46
46
47
-
- If you're an organization currently using Conditional Access policies to bring signals together, to make decisions, and enforce organizational policies, security defaults are probably not right for you.
47
+
- If you're an organization currently using Conditional Access policies, security defaults are probably not right for you.
48
48
- If you're an organization with Azure Active Directory Premium licenses, security defaults are probably not right for you.
49
49
- If your organization has complex security requirements, you should consider Conditional Access.
50
50
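Review bot: The two new bullets under "Who's it for?" switch to noun phrases ("Organizations who want to increase their security posture ..."), while every bullet under "Who should use Conditional Access?" in the same hunk still opens with "If you're an organization" or "If your organization"; pick one form for both lists. In the first new bullet, "Organizations that want" reads better than "Organizations who want". The shortened Conditional Access bullet also drops the only description visible here of what those policies do ("to bring signals together, to make decisions, and enforce organizational policies"); confirm the reader still gets that context from another part of the article.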
@@ -110,7 +110,13 @@ Using Azure Resource Manager to manage your services is a highly privileged acti
110
110
111
111
It's important to verify the identity of users who want to access Azure Resource Manager and update configurations. You verify their identity by requiring more authentication before you allow access.
112
112
113
-
After you enable security defaults in your tenant, any user who's accessing the Azure portal, Azure PowerShell, or the Azure CLI will need to complete more authentication. This policy applies to all users who are accessing Azure Resource Manager, whether they're an administrator or a user.
113
+
After you enable security defaults in your tenant, any user accessing the following services must complete multi-factor authentication:
114
+
115
+
- Azure portal
116
+
- Azure PowerShell
117
+
- Azure CLI
118
+
119
+
This policy applies to all users who are accessing Azure Resource Manager services, whether they're an administrator or a user.
114
120
115
121
> [!NOTE]
116
122
> Pre-2017 Exchange Online tenants have modern authentication disabled by default. In order to avoid the possibility of a login loop while authenticating through these tenants, you must [enable modern authentication](/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online).
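Review bot: The new sentence says users "must complete multi-factor authentication", but the unchanged line just above it still says "requiring more authentication before you allow access"; use the same term in both places so the requirement reads as one control. The lead-in "the following services" makes the three bullets (Azure portal, Azure PowerShell, Azure CLI) read as the complete list, while the closing sentence widens the scope to "all users who are accessing Azure Resource Manager services"; state whether the list is exhaustive or introduce the bullets as examples.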
The credentials for these emergency access accounts should be stored offline in a secure location such as a fireproof safe. Only authorized individuals should have access to these credentials.
138
-
139
-
For more detailed information about emergency access accounts, see the article [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md).
143
+
The credentials for these emergency access accounts should be stored offline in a secure location such as a fireproof safe. Only authorized individuals should have access to these credentials.
140
144
141
145
To create an emergency access account:
142
146
@@ -151,6 +155,10 @@ To create an emergency access account:
151
155
1. Under **Usage location**, select the appropriate location.
152
156
1. Select **Create**.
153
157
158
+
You may choose [disable password expiration](../authentication/concept-sspr-policy.md#set-a-password-to-never-expire) to for these accounts using Azure AD PowerShell.
159
+
160
+
For more detailed information about emergency access accounts, see the article [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md).
161
+
154
162
### Authentication methods
155
163
156
164
These free security defaults allow registration and use of Azure AD Multi-Factor Authentication **using only the Microsoft Authenticator app using notifications**. Conditional Access allows the use of any authentication method the administrator chooses to enable.
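Review bot: The added sentence after the creation steps is ungrammatical: "You may choose [disable password expiration](...) to for these accounts" has the "to" misplaced and a stray "for". Suggest "You may choose to [disable password expiration](../authentication/concept-sspr-policy.md#set-a-password-to-never-expire) for these accounts using Azure AD PowerShell." Because it follows the numbered steps directly, a short clause saying why a non-expiring password suits emergency access accounts would help the reader decide.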
@@ -175,11 +183,11 @@ If your organization is a previous user of per-user based Azure AD Multi-Factor
175
183
176
184
### Conditional Access
177
185
178
-
You can use Conditional Access to configure policies similar to security defaults, but with more granularity including user exclusions, which aren't available in security defaults. If you're using Conditional Access and have Conditional Access policies enabled in your environment, security defaults won't be available to you. If you have a license that provides Conditional Access but don't have any Conditional Access policies enabled in your environment, you're welcome to use security defaults until you enable Conditional Access policies. More information about Azure AD licensing can be found on the [Azure AD pricing page](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).
186
+
You can use Conditional Access to configure policies similar to security defaults, but with more granularity including user exclusions, which aren't available in security defaults. If you're using Conditional Access and have Conditional Access policies enabled in your environment, security defaults won't be available to you. More information about Azure AD licensing can be found on the [Azure AD pricing page](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).
179
187
180
188

181
189
182
-
Here are step-by-step guides on how you can use Conditional Access to configure a set of policies, which form a good starting point for protecting your identities:
190
+
Here are step-by-step guides for Conditional Access to configure a set of policies, which form a good starting point for protecting your identities:
183
191
184
192
-[Require MFA for administrators](../conditional-access/howto-conditional-access-policy-admin-mfa.md)
185
193
-[Require MFA for Azure management](../conditional-access/howto-conditional-access-policy-azure-management.md)
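Review bot: The rewritten Conditional Access paragraph deletes the sentence covering tenants that hold a Conditional Access license but have no policies enabled ("you're welcome to use security defaults until you enable Conditional Access policies"), so that case is now only implied by the remaining "won't be available to you" sentence; keep a short statement of it or confirm the removal is intended. The new lead-in "Here are step-by-step guides for Conditional Access to configure a set of policies" is also awkward; suggest "Here are step-by-step guides for configuring a set of Conditional Access policies, which form a good starting point for protecting your identities:".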