Microsoft has announced it will be enforcing Multi-Factor Authentication (MFA) for all Microsoft 365 tenants beginning March 11, 2024.
Microsoft will begin rolling out security defaults to all tenants that don’t already have security defaults or Conditional Access policies enabled. Security defaults will also be enabled for tenants that currently have legacy authentication (per-user MFA). Your partners at Networks Plus strongly encourage you to implement MFA immediately if security defaults or Conditional Access policies are not already enabled. Doing so now will prevent disruptions in March.
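To see which situation a tenant is in, an administrator can read both settings from Microsoft Graph. The script below is an added example, not code from Microsoft or Networks Plus; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can consent to the Policy.Read.All scope.

```powershell
# Added example: read-only check of whether a tenant already has security
# defaults or an enforced Conditional Access (CA) policy that requires MFA.
# Assumption: Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
Connect-MgGraph -Scopes 'Policy.Read.All'

# Security defaults are a single tenant-wide on/off policy.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

# CA policies may be unavailable without the right licence; treat an error
# as "no policies found" but surface it to the operator.
try {
    $ca = @(Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop)
} catch {
    Write-Warning "Could not read Conditional Access policies: $($_.Exception.Message)"
    $ca = @()
}

# Keep policies that are enforced (not disabled or report-only) and that
# demand MFA, either as a built-in control or via an authentication strength.
$mfaPolicies = @($ca | Where-Object {
    $_.State -eq 'enabled' -and (
        $_.GrantControls.BuiltInControls -contains 'mfa' -or
        $_.GrantControls.AuthenticationStrength.Id
    )
})

# A policy scoped only to admins does not cover the whole tenant, so flag
# whether any MFA policy targets all users.
$allUsers = @($mfaPolicies | Where-Object {
    $_.Conditions.Users.IncludeUsers -contains 'All'
})

[pscustomobject]@{
    SecurityDefaultsEnabled  = [bool]$defaults.IsEnabled
    EnforcedCaPolicies       = @($ca | Where-Object State -eq 'enabled').Count
    EnforcedCaPoliciesWithMfa = $mfaPolicies.Count
    MfaPolicyTargetsAllUsers = [bool]$allUsers.Count
    MfaPolicyNames           = $mfaPolicies.DisplayName -join '; '
}
```

If `SecurityDefaultsEnabled` is false and no enforced Conditional Access policy exists, the tenant matches the rollout criteria described above.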
What Are Security Defaults?
Security defaults make it easier to help protect your organization from identity-related attacks like password spray, replay, and phishing – all of which are very common in today's environments.
Microsoft is making these preconfigured security settings available to everyone, to make managing security a little easier. Based on recent studies, more than 99.9% of those common identity-related attacks are stopped by using multifactor authentication and blocking legacy authentication.
Microsoft has set a goal of ensuring that all organizations have at least a basic level of security enabled at no extra cost.
These basic controls include:
How will these security policies be enforced?
All users have 14 days to register using the Microsoft Authenticator app or any app supporting OATH TOTP. After 14 days have passed, the user can't sign in until registration is completed. A user's 14-day period begins after their first successful interactive sign-in after enabling security defaults.
When users sign in and are prompted to perform multifactor authentication, they see a screen providing them with a number to enter in the Microsoft Authenticator app. This measure helps prevent users from falling for MFA fatigue attacks.
What happens when security defaults are implemented?
· Once the security defaults are implemented, every user in the organization must register for MFA within 14 days.
· When users sign into their account, they will see a prompt to set up the Microsoft Authenticator app. Users can choose to get started with the app or defer the action. After 14 days, the option to defer set-up will disappear.
· Users should install the Microsoft Authenticator app on their mobile device and register their account. Please refer to the Microsoft Authenticator app guidance for specific instructions.
Can security defaults be disabled once they’ve been implemented by Microsoft?
Yes. However, we strongly recommend that security defaults remain enabled unless you have other security protections in place that include MFA, such as Conditional Access.
What if we are using a legacy authentication protocol?
We recommend deprecating legacy authentication and using security defaults or Conditional Access. To prepare to move away from legacy authentication, please review the sign-ins using legacy authentication workbook and the guidance on how to block legacy authentication.
What if I’m not sure how to proceed?
Call us! We are happy to help you make sure you don’t have any downtime.