Security defaults should be enabled in Microsoft Entra ID

Description

Security defaults in Microsoft Entra ID are a tenant-wide setting that turns on a fixed set of preconfigured protections against common identity attacks such as password spray, replay and phishing. When enabled, every user must register for multifactor authentication (MFA) within 14 days of first sign-in, administrators are required to perform MFA at every sign-in, other users are prompted for MFA when necessary (for example, from a new device or for a risky sign-in), access to privileged management interfaces such as the Azure portal requires MFA, and legacy authentication protocols that cannot carry an MFA challenge (basic authentication for IMAP, POP3, SMTP and older Office clients) are blocked. Security defaults are available to every tenant at no additional cost and do not require a Microsoft Entra ID P1 or P2 license.

Security defaults and Conditional Access policies cannot be active in the same tenant. Organizations licensed for Microsoft Entra ID P1 or P2 often disable security defaults intentionally and replace them with Conditional Access policies, which allow the same protections to be scoped and tuned (for example, excluding break-glass accounts). This rule evaluates only the security defaults setting and cannot verify from that resource alone whether equivalent Conditional Access policies exist, so it still reports a failure in that case. Treat such a failure as a prompt to confirm that enabled policies require MFA for all users on all cloud apps and block legacy authentication clients, and record the finding as accepted if they do.

Remediation

Enable security defaults in the Microsoft Entra admin center under Identity > Overview > Properties > Manage security defaults, and set the toggle to Enabled. Because security defaults and Conditional Access are mutually exclusive, first confirm that the tenant does not rely on enabled Conditional Access policies; if it does, keep those policies and verify their coverage instead of switching to security defaults. The setting can also be read and changed through Microsoft Graph at /policies/identitySecurityDefaultsEnforcementPolicy (property isEnabled). For guidance, see Microsoft Entra security defaults.
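The following PowerShell is an added example, not part of this rule page or of Microsoft's documentation. It uses the Microsoft Graph PowerShell SDK (module Microsoft.Graph.Identity.SignIns) to read the security defaults setting described above and, when it is disabled, to check whether enabled Conditional Access policies give equivalent coverage before anyone turns security defaults back on. The function names, the equivalence heuristic (a policy for all users and all apps granting with MFA, plus a policy for all users blocking the Exchange ActiveSync and "other" legacy client types) and the PASS/INFO/FAIL wording are this example's own assumptions; the cmdlets and Graph properties are real.

```powershell
# Added example (not the rule's own code). Audits the Entra security defaults
# setting and Conditional Access coverage via the Microsoft Graph PowerShell SDK.
# Requires: Install-Module Microsoft.Graph.Identity.SignIns
# Policy.Read.All covers the reads; Policy.ReadWrite.ConditionalAccess is needed
# only for Enable-SecurityDefaults below.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess" -NoWelcome

function Get-SecurityDefaultsState {
    # Reads /policies/identitySecurityDefaultsEnforcementPolicy and returns isEnabled.
    [bool](Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled
}

function Test-ConditionalAccessEquivalence {
    # Heuristic (this example's assumption): enabled CA policies are treated as
    # equivalent to security defaults when they (a) require MFA for all users on
    # all cloud apps and (b) block the legacy client app types for all users.
    # Report-only policies ('enabledForReportingButNotEnforced') do not count.
    # Exclusions (e.g. break-glass accounts) are deliberately ignored here.
    $policies = @(Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object { $_.State -eq 'enabled' })

    $mfaForAll = @($policies | Where-Object {
        $_.Conditions.Users.IncludeUsers -contains 'All' -and
        $_.Conditions.Applications.IncludeApplications -contains 'All' -and
        $_.GrantControls.BuiltInControls -contains 'mfa'
    })
    $legacyBlocked = @($policies | Where-Object {
        $_.Conditions.Users.IncludeUsers -contains 'All' -and
        $_.GrantControls.BuiltInControls -contains 'block' -and
        $_.Conditions.ClientAppTypes -contains 'exchangeActiveSync' -and
        $_.Conditions.ClientAppTypes -contains 'other'
    })

    [pscustomobject]@{
        EnabledPolicies   = $policies.Count
        MfaForAllUsers    = ($mfaForAll.Count -gt 0)
        LegacyAuthBlocked = ($legacyBlocked.Count -gt 0)
        Equivalent        = ($mfaForAll.Count -gt 0 -and $legacyBlocked.Count -gt 0)
    }
}

function Enable-SecurityDefaults {
    # Security defaults and Conditional Access cannot be used together, so this
    # refuses to proceed while enabled CA policies exist rather than pushing an
    # operator toward disabling them.
    $ca = Test-ConditionalAccessEquivalence
    if ($ca.EnabledPolicies -gt 0) {
        Write-Warning ("Tenant has {0} enabled Conditional Access policies (Equivalent={1}); " +
            "keep and verify them instead of enabling security defaults." -f
            $ca.EnabledPolicies, $ca.Equivalent)
        return $false
    }
    Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true
    Get-SecurityDefaultsState   # re-read to confirm the change was applied
}

# Evaluate the tenant the way this rule would, plus the CA context the rule lacks.
if (Get-SecurityDefaultsState) {
    "PASS: security defaults are enabled"
} else {
    $ca = Test-ConditionalAccessEquivalence
    if ($ca.Equivalent) {
        "INFO: security defaults are off, but $($ca.EnabledPolicies) enabled Conditional Access " +
        "policies require MFA for all users and block legacy authentication; record as an accepted finding"
    } else {
        "FAIL: security defaults are off and Conditional Access coverage is incomplete " +
        "(MFA for all users: $($ca.MfaForAllUsers); legacy auth blocked: $($ca.LegacyAuthBlocked))"
    }
}
```

Run the audit first; call Enable-SecurityDefaults only for tenants that report FAIL with zero enabled Conditional Access policies. A FAIL with enabled policies means the Conditional Access set is incomplete and should be fixed there, since enabling security defaults would require abandoning those policies.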