The Azure security defaults were first rolled out in October of 2019, but wasn't enabled for customers who had Azure AD tenants prior
Microsoft, which began rolling out security defaults to customers who created Azure AD tenants post October 2019, has now extended the roll-out for those who created accounts prior to that date, a senior company official has announced.
This effort by Microsoft aims to stop password and phishing attacks and benefitted more than 30 million enterprises across the world in the first effort with an additional 60 million more accounts being protected by the defaults in the coming month or so.
“When complete, this rollout will protect an additional 60 million accounts (roughly the population of the United Kingdom!) from the most common identity attacks,” says Alex Weinert, Microsoft’s director of identity security, in a blog post on the company’s website.
The company had announced that it would automatically enable strict secure default settings, known colloquially as “security defaults” on all the existing Azure Active Directory (AD) tenants by late June.
The security defaults process, which was first introduced in October 2019, comprises a set of basic security mechanisms that are designed to introduce and maintain a good security hygiene with the smallest of effort for organizations of all types, including those with no IT teams.
In addition to boosting the defenses of enterprises against password and phishing attacks, the secure defaults also aims to get organizations to use the free tier of the Azure AD licensing that allows system administrators to just toggle on security defaults via the Azure portal.
The Microsoft official explained that the defaults were introduced for new tenants to ensure that they had basic security hygiene such as multi-factor authentication and modem authentication, irrespective of having a license for Azure AD, which is Microsoft’s cloud service.
The blog post says 30 million organizations having these security details in place are less prone to breaches. They experience 80% less compromise than the overall tenant population. Most tenants simply leave it on, while others add even more security with Conditional Access when they’re ready,” Weinert says.
Microsoft says it will notify global admins of eligible Azure AD tenants this month about security defaults through an email. In late June, they would get an Outlook notification prompting them to click on “enable security defaults” with a warning that security details will be automatically enabled for their organizations within 14 days.