Microsoft Entra “security defaults” to make MFA setup mandatory

Microsoft Entra

October 30, 2024 at 03:22PM

Microsoft will mandate multifactor authentication (MFA) registration for all users when security defaults are enabled, enhancing security across Entra tenants. This requirement, part of the Secure Future Initiative, starts for new tenants on December 2, 2024, and for existing tenants in January 2025, reducing account compromise risks.

**Meeting Takeaways: Microsoft Entra Security Updates**

1. **Mandatory MFA Registration**: Microsoft will make multifactor authentication (MFA) registration mandatory for all users in Entra tenants with security defaults enabled, eliminating the current 14-day window to skip registration.

2. **Enhanced Security Measures**: This change is part of Microsoft’s Secure Future Initiative, aimed at increasing cybersecurity across its products; it helps reduce the risk of account compromise from identity-based attacks, over 99.2% of which MFA blocks.

3. **Implementation Timeline**:
– New tenants will be affected starting December 2, 2024.
– Existing tenants will start seeing this rollout in January 2025.

4. **Security Defaults Explained**: Entra security defaults automatically activate essential security features to defend against common threats like password sprays, replay attacks, and phishing.

5. **Enabling Security Defaults**: Administrators can enable security defaults by accessing the Microsoft Entra admin center, navigating to Identity > Overview > Properties, and selecting “Manage security defaults.”

6. **Advice for Administrators**: Admins not using Conditional Access are encouraged to enable security defaults to protect users from common current threats, but should be aware that security defaults do not offer the customization available through Conditional Access policies.

7. **Previous MFA Warnings**: Microsoft previously advised Entra global admins to enable MFA for their tenants by October 15 to prevent potential access issues to admin portals.

8. **Ongoing MFA Enforcement**: Microsoft has rolled out Conditional Access policies requiring MFA for all admins accessing Microsoft admin portals and for high-risk sign-ins across cloud apps.

9. **Broader MFA Adoption**: GitHub has begun enforcing two-factor authentication (2FA) for all active developers to further promote MFA adoption within its ecosystem.
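The admin-center steps in point 5 and the Conditional Access caveat in point 6 can be checked from a script. The following is an added example, not code from the article or from Microsoft: it reads the tenant's security defaults state through the documented Microsoft Graph v1.0 endpoints, refuses to flip the switch when Conditional Access policies are already enabled, and otherwise enables security defaults when run with the hypothetical `-Enable` switch. It assumes the Microsoft.Graph PowerShell SDK is installed and the caller holds a role allowed to change tenant policies.

```powershell
# Added example (not from the article): audit and optionally enable Microsoft Entra
# security defaults via Microsoft Graph. Assumes the Microsoft.Graph SDK is installed
# and the signed-in account may edit tenant policies. The -Enable switch is our own.
param([switch]$Enable)

Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess' -NoWelcome

$sdUri = 'https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcementPolicy'
$caUri = 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies'

# Current state of security defaults; isEnabled is the only settable property.
$sd = Invoke-MgGraphRequest -Method GET -Uri $sdUri -OutputType PSObject
Write-Host "Security defaults enabled: $($sd.isEnabled)"

# Security defaults and Conditional Access cannot both be active. A tenant that
# already runs CA policies keeps the customizable option and enforces MFA there.
$ca = Invoke-MgGraphRequest -Method GET -Uri $caUri -OutputType PSObject
$activeCa = @($ca.value | Where-Object { $_.state -eq 'enabled' })
Write-Host "Enabled Conditional Access policies: $($activeCa.Count)"
foreach ($p in $activeCa) { Write-Host "  - $($p.displayName)" }

if ($sd.isEnabled) {
    Write-Host 'Nothing to do: MFA registration will be required for all users.'
}
elseif ($activeCa.Count -gt 0) {
    Write-Warning 'Tenant uses Conditional Access; require MFA registration there instead of enabling security defaults.'
}
elseif ($Enable) {
    # PATCH turns security defaults on; read the policy back to confirm the change.
    Invoke-MgGraphRequest -Method PATCH -Uri $sdUri -Body @{ isEnabled = $true } | Out-Null
    $after = Invoke-MgGraphRequest -Method GET -Uri $sdUri -OutputType PSObject
    Write-Host "Security defaults enabled now: $($after.isEnabled)"
}
else {
    Write-Host 'Security defaults are off and no CA policies are enabled; rerun with -Enable to turn them on.'
}
```

Run it once without `-Enable` to see the tenant's current state before changing anything.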
