Azure AD Security Defaults

Overview

Azure AD Security Defaults are preconfigured security settings in Microsoft Entra ID designed to protect organizations from identity-related attacks. They provide a basic level of security at no extra cost, making it easier for organizations to secure their environments without complex configurations.

Core Functionality

• Multifactor Authentication (MFA): Require all users to register for MFA to protect against identity-related attacks such as password spray, replay, and phishing.
• Block Legacy Authentication: Prevent the use of legacy authentication protocols that are more susceptible to attacks, including protocols like IMAP, POP3, and SMTP.
• Protect Privileged Activities: Ensure that privileged activities, such as access to the Azure portal, require MFA for an extra layer of security.
• Monitor and Review: Regularly monitor and review security settings and access patterns to ensure the effectiveness of security defaults.

Well-Architected Framework

Operational Excellence

• Automation: Automate the enforcement of security settings to reduce manual intervention and improve operational efficiency.
• Monitoring: Implement monitoring to track the performance and availability of security settings, setting up alerts for any issues.

Security

• Identity Management: Use Azure Active Directory (AAD) for secure access and identity management.
• Compliance: Ensure compliance with organizational policies and industry regulations by regularly reviewing and adjusting security settings.

Cost Optimization

• Budget-Friendly: Azure AD Security Defaults are available at no extra cost, making them a budget-friendly option for enhancing security.

References

• Azure AD Security Defaults Documentation
• Create an Access Review
• Manage Access Reviews