Header image overlay

Microsoft forces multi-factor authentication (or conditional access) on its users

In order to increase the security level of its users, Microsoft has recently started with the phased implementation of "Security Defaults" in Microsoft 365 environments. This new security standard has already been applied to new tenants (business environments in Microsoft Azure) since last year. The use of Multifactor Authentication is mandatory and Legacy Authentication (a collection of old protocols) is blocked.

Now that the news about the Microsoft Security Defaults is becoming more and more known, more and more questions arise about its impact. High time to clarify this!

Azure AD Security Defaults

We have been saying for years that passwords are rarely secure. Phishing and keylogging are common methods used by hackers to get hold of passwords. To increase the security level of its users, the company is implementing some stricter security settings in its Microsoft 365 environments. The use of Multifactor Authentication or Conditional Access will become mandatory. Legacy Authentication (an outdated login protocol) will be deactivated and replaced by Modern Authentication.

What changes when?

  • New tenants: Security Defaults are now automatically activated
  • Existing tenants: environments without Security Defaults that no using Conditional Access are automatically converted in stages

Note: Customers without an Azure AD P1 licence are not able to activate Conditional Access and are by definition converted. This licence is included in several bundles including Microsoft 365 Business Premium or Microsoft 365 E3/E5.

Impact Security Defaults

For customers who belong to this second category, the new Azure AD Security Defaults will soon be activated automatically. In concrete terms, this means that tenant administrators (Global Admins) will be asked to activate the "Security Defaults" function in the Azure AD environment during the login process. This can be postponed for a maximum of 14 days. If this does not happen, the function will be activated automatically by Microsoft.

What is the impact on users?

  • Multifactor Authenticationfor all users required - there are no exceptions. Without proper communication beforehand, it is therefore possible that users will 'suddenly' no longer be able to log on.
  • Legacy Authenticationis blocked for all users - There are no exceptions here either. Most e-mail programmes make the switch from Legacy to Modern Authentication flawlessly. If users still report problems, manual intervention is necessary.

As an organisation, you had better be well prepared! Without taking the right measures in advance, users 'suddenly' run the risk of experiencing login problems. Therefore, do not hesitate to contact us if necessary.

Contact form

vat no.*

"Without the right measures in advance, users are at risk of 'suddenly' experiencing login problems. Therefore, do not hesitate to contact us where necessary."

share this post:

Review webinar
Discover how Microsoft Intune in combination with the Belgian Scappman can take the installation and updating of software out of your hands.

Related info