Control: 5.1.1 Ensure that 'security defaults' is enabled in Microsoft Entra ID

Description

[IMPORTANT - Please read the section overview: If your organization pays for Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, F5, or Business Premium, and EM&S E3 or E5 licenses) and CAN use Conditional Access, ignore the recommendations in this section and proceed to the Conditional Access section.]

Security defaults in Microsoft Entra ID make it easier to be secure and help protect your organization. Security defaults contain preconfigured security settings for common attacks.

Security defaults is available to everyone. The goal is to ensure that all organizations have a basic level of security enabled at no extra cost. You may turn on security defaults in the Azure portal.

Remediation

Remediate from Azure Portal

To enable security defaults in your directory:

1. From Azure Home select the Portal Menu.
2. Browse to Microsoft Entra ID > Properties.
3. Select Manage security defaults.
4. Under Security defaults, select Enabled (recommended).
5. Select Save.

Remediate from Powershell

Connect-MgGraph -Scopes "Policy.ReadWrite.ApplicationConfiguration"
Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled $true
(Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled

Remediate from Azure CLI

az rest --method patch --url
'https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcemen
tPolicy' --body '{"isEnabled":true}'
az rest --method get --url
'https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcemen
tPolicy' --query "isEnabled"

Default Value:

If your tenant was created on or after October 22, 2019, security defaults may already be enabled in your tenant.