Enable or disable Microsoft 365 security defaults

[Andy]

New Microsoft 365 accounts automatically have security defaults enabled to protect you from phishing and other identity-related attacks.

Security defaults help protect you from identity-related attacks with preconfigured security settings. This means that all email users will be asked to register for multi-factor authentication (MFA) using the Microsoft Authenticator app. We recommend using security defaults, but you can enable or disable these settings to fit your business needs.

When security defaults are enabled, your organization's email must be set up in clients that support modern authentication and don't use IMAP, SMTP, or POP mail protocols. For example, Office 2016 and newer and the Mail app for Mac are supported clients.

Required: You need admin permissions to change security default settings. For more info, see admin roles from Microsoft.

1. Sign in to the Azure portal. Use your Microsoft 365 email address and password. If you don't have access to your sign-in method, first reset your MFA.
2. Search for Azure Active Directory.
   
   
3. Under Manage, select Properties.
   
   
4. Select Manage Security defaults.
   
   
5. Set the Enable Security defaults toggle to Yes. Or, set the toggle to No and choose a reason for disabling.
6. Select Save. You'll see confirmation that your security defaults saved.
   

Required: If you already have Conditional Access policies enabled, you'll need to disable them before you can enable security defaults. Sign in to your Conditional Access Policies and select the policy. Under Details, select Delete, and then select Yes to confirm. Repeat as needed to remove all enabled policies.