In March 2024, Microsoft will enable security defaults on all CSP partner tenants that haven’t already enabled security defaults, conditional access, or a third-party MFA solution.

Why is this happening?

Security defaults make it easier to help protect organisations from identity-related attacks that are common in today’s environments, such as password spray, replay, and phishing. Microsoft makes these preconfigured security settings available to everyone at no extra cost.

These basic controls include:

• Requiring all users to register for multifactor authentication
• Requiring administrators to do multifactor authentication
• Requiring users to do multifactor authentication when necessary
• Blocking legacy authentication protocols
• Protecting privileged activities like access to the Azure portal

We recommend that partners turn on security defaults immediately if needed. For more information, view the full partner announcement here.

If you need support with these changes, please get in touch with your account manager.