How to Disable security defaults in Microsoft Entra ID

Microsoft automatically enables security defaults in new Microsoft 365 tenants to protect you from phishing and other identity-related attacks. If you set up a Conditional Access policy, you can’t enable it until you turn off security defaults. In this article, you will learn how to disable security defaults in Microsoft Entra ID.

Why disable security defaults?

Security defaults should be disabled when you configure Azure AD Multi-Factor Authentication. Otherwise, you can’t enable the Conditional Access policy, and an error appears.

Disable security defaults in Microsoft Entra admin center

To disable security defaults in the Microsoft tenant, follow these steps:

  1. Sign in to Microsoft Entra admin center
  2. Click on Identity > Overview > Properties
  3. Select Manage security defaults
  4. Set security defaults to Disabled
  5. Select a reason for disabling security defaults
  6. Click Save
  7. Confirm that Security defaults shows "Your organization is not protected by security defaults"

You successfully turned off security defaults in the Microsoft tenant.

Disable security defaults with Microsoft Graph PowerShell

To disable security defaults with Microsoft Graph PowerShell, follow the steps below:

  1. Install the Microsoft Graph PowerShell modules.

     Install-Module Microsoft.Graph -Force
     Install-Module Microsoft.Graph.Beta -AllowClobber -Force

Important: Always install both the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules, because some cmdlets are not yet available in the final version and will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.

  2. Connect to Microsoft Graph PowerShell.

     Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

  3. Run the command below to disable security defaults.

     Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$false

  4. Verify that security defaults are disabled with this command.

     Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy | ft DisplayName, IsEnabled

  5. Confirm that the output looks like the example below.

     DisplayName       IsEnabled
     -----------       ---------
     Security Defaults     False
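
Once security defaults are off, MFA is only enforced if a Conditional Access policy that requires it is actually enabled. The check below is an added example, not code from the original article: the function name `Test-SecurityDefaultsHandover` and the sample policy are constructed for illustration, and it assumes Conditional Access is the only MFA mechanism in use (per-user MFA is not inspected).

```powershell
# Added example: flag an MFA gap after security defaults are disabled.
# Property names (State, GrantControls.BuiltInControls, Conditions.Users.IncludeUsers)
# follow the objects returned by Get-MgIdentityConditionalAccessPolicy.
function Test-SecurityDefaultsHandover {
    param(
        [Parameter(Mandatory)][bool]$SecurityDefaultsEnabled,
        [object[]]$ConditionalAccessPolicies = @()
    )

    # Policies that list MFA as a grant control
    $mfaPolicies = @($ConditionalAccessPolicies | Where-Object {
        $_.GrantControls.BuiltInControls -contains 'mfa'
    })
    # Only state 'enabled' is enforced; report-only and disabled policies are not
    $enforced = @($mfaPolicies | Where-Object { $_.State -eq 'enabled' })
    # Of those, the ones that target every user
    $allUsers = @($enforced | Where-Object {
        $_.Conditions.Users.IncludeUsers -contains 'All'
    })

    [pscustomobject]@{
        SecurityDefaultsEnabled = $SecurityDefaultsEnabled
        MfaPoliciesFound        = $mfaPolicies.Count
        MfaPoliciesEnforced     = $enforced.Count
        EnforcedForAllUsers     = $allUsers.Count
        # Gap: defaults are off and no enforced policy requires MFA for all users
        MfaGap                  = ((-not $SecurityDefaultsEnabled) -and ($allUsers.Count -eq 0))
    }
}

# Constructed sample: an MFA policy that was left in report-only mode
$samplePolicies = @(
    [pscustomobject]@{
        DisplayName   = 'Require MFA for all users (constructed sample)'
        State         = 'enabledForReportingButNotEnforced'
        GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') }
        Conditions    = [pscustomobject]@{
            Users = [pscustomobject]@{ IncludeUsers = @('All') }
        }
    }
)
Test-SecurityDefaultsHandover -SecurityDefaultsEnabled $false -ConditionalAccessPolicies $samplePolicies

# Against a live tenant, after Connect-MgGraph as in step 2:
# $sd = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
# Test-SecurityDefaultsHandover -SecurityDefaultsEnabled $sd.IsEnabled `
#     -ConditionalAccessPolicies (Get-MgIdentityConditionalAccessPolicy -All)
```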

Conclusion

You learned how to disable security defaults in Microsoft Entra ID. There are two methods for disabling security defaults: the Microsoft Entra admin center and Microsoft Graph PowerShell. Choose the one that suits you best.

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.
