Security defaults should be enabled in Microsoft Entra ID

azure-active-directory
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

Security defaults in Microsoft Entra ID provide preconfigured protections against common identity attacks. When enabled, all users must register for multifactor authentication (MFA), administrators must perform MFA at every sign-in, and legacy authentication protocols are blocked. These protections are available to all tenants at no additional cost.

Organizations that use Conditional Access policies may disable security defaults intentionally, because Conditional Access supersedes them. However, this rule still reports a failure because it cannot verify the presence of equivalent Conditional Access policies from this resource alone.

Remediation

Enable security defaults in the Microsoft Entra admin center under Identity > Overview > Properties > Manage security defaults. For guidance, see Microsoft Entra security defaults.