This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
As part of the Secure Future Initiative, we’ve evolved our security approach to align with three security principles: secure by design, secure by default, and secure operations. Secure by default means security protections are enabled and enforced by default. In Microsoft Entra, security defaults are an example of our secure by default approach. Security defaults are enabled for every new tenant, which provides a baseline level of protection for your Entra identities and resources. To make sure that organizations relying on security defaults are well protected, we’re updating a requirement for authentication methods to help improve your security posture.
We’re removing the option to skip multifactor authentication (MFA) registration for 14 days when security defaults are enabled. This means all users will be required to register for MFA on their first login after security defaults are turned on. This will help reduce the risk of account compromise during the 14-day window, as MFA can block over 99.2% of identity-based attacks. This change affects newly created tenants starting on December 2nd, 2024 and will be rolled out to existing tenants starting in January 2025.
This update is part of our ongoing effort to provide you with a secure and reliable identity service. We recommend that you enable security defaults for your organization if you’re not using Conditional Access, as security defaults offer a simple and effective way to protect your users and resources from common threats.
To learn more about these upcoming updates and how you can best prepare your users, please review our documentation.
Nitika Gupta
Group Product Manager, Identity