Security Defaults vs Conditional Access [CHK-1167]
This check verifies if Security Defaults are enabled, despite having a premium license, and recommends using Conditional Access for better control over tenant's security.
Rationale
Microsoft 365 comes with Security Defaults enabled by default, providing basic security measures. However, for organizations with a premium license, Conditional Access offers more control over access to the Microsoft environment.
Fix
An automated fix is available through Attic.
To fix it yourself:
- Navigate to the Entra admin center at https://entra.microsoft.com
- Open Identity > Overview > Properties
- Select Manage security defaults
- Set Security defaults to Disabled
Impact
Disabling Security Defaults and using Conditional Access instead provides more refined access control to your Microsoft environment.