Start a new migration batch on the on-premises Exchange Server or in Office 365. The…
How to Disable security defaults in Microsoft Entra ID
Microsoft automatically enables security defaults in new Microsoft 365 tenants to protect you from phishing and other identity-related attacks. If you set up a Conditional Access policy, you can’t enable it before you turn off security defaults. In this article, you will learn how to disable security defaults in Microsoft Entra ID.
Why disable security defaults?
Security defaults should be disabled when you configure Azure AD Multi-Factor Authentication. Otherwise, you can’t enable the Conditional Access policy and below error appears.
Disable security defaults in Microsoft Entra admin center
To disable security defaults in the Microsoft tenant, follow these steps:
- Sign in to Microsoft Entra admin center
- Click on Identity > Overview > Properties
- Select Manage security defaults
- Set security defaults to Disabled
- Select a reason for disabling security defaults
- Click Save
- Confirm that Security defaults appear as Your organization is not protected by security defaults
You did successfully turn off security defaults in the Microsoft tenant.
Disable security default with Microsoft Graph PowerShell
To disable security defaults with Microsoft Graph PowerShell, follow the below steps:
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.
- Connect to Microsoft Graph PowerShell.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"
- Run the below command to disable security defaults.
Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$false
- Verify that security defaults is disabled with this command.
Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy | ft DisplayName, IsEnabled
- Confirm that the output shows like below.
DisplayName IsEnabled
----------- ---------
Security Defaults False
Read more: How to Restrict access to Microsoft Entra admin center »
Conclusion
You learned how to disable security defaults in Microsoft Entra ID. There are two methods for disabling security defaults, which are Microsoft Entra admin center and Microsoft Graph PowerShell. Choose the one that suits you the best.
Did you enjoy this article? You may also like Export Office 365 users MFA status with PowerShell. Don’t forget to follow us and share this article.
This Post Has 0 Comments