Ensure Security Defaults is enabled on Microsoft Entra ID

Why This Matters

Security defaults provide a baseline level of protection for all Microsoft Entra ID tenants by automatically enforcing critical security policies like multifactor authentication (MFA) for all users and blocking legacy authentication protocols. Without these defaults enabled, your organization may be exposed to common identity-based attacks, such as password spray or credential theft, because users can sign in without MFA and older, less secure authentication methods remain active. Enabling security defaults is a low-cost, high-impact step that significantly reduces your attack surface while you plan more granular Conditional Access policies.

What Aether365 Checks

This check verifies that the Enable security defaults setting in your Microsoft Entra ID tenant is turned on. It appears in the Aether365 dashboard under the entra-id security checks category.
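One way to confirm the same setting yourself with the Microsoft Graph PowerShell SDK. This is an added example, not Aether365's own code; it assumes the Microsoft.Graph module is installed and the signed-in account can use the Policy.Read.All permission, and the output object's property names are illustrative.

```powershell
# Added example: read the tenant's security defaults policy through Microsoft Graph.
# Assumption: Microsoft.Graph PowerShell SDK installed; account may consent to Policy.Read.All.
Connect-MgGraph -Scopes 'Policy.Read.All'

# Backed by GET /policies/identitySecurityDefaultsEnforcementPolicy
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy -ErrorAction Stop

# Count enforced Conditional Access policies for context only.
# The check itself depends solely on the security defaults flag.
$enabledCa = $null
try {
    $enabledCa = @(Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop |
        Where-Object { $_.State -eq 'enabled' }).Count
}
catch {
    Write-Verbose "Could not list Conditional Access policies: $($_.Exception.Message)"
}

# Property names below are illustrative, not a product schema.
$result = [pscustomobject]@{
    Check                            = 'Security defaults enabled'
    IsEnabled                        = [bool]$policy.IsEnabled
    EnabledConditionalAccessPolicies = $enabledCa
    Status                           = if ($policy.IsEnabled) { 'Pass' } else { 'Fail' }
}
$result | Format-List

if (-not $policy.IsEnabled) {
    Write-Warning 'Security defaults are off: MFA and legacy authentication blocking are not enforced by this baseline.'
}

Disconnect-MgGraph | Out-Null
```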

Microsoft references
