This additional 365 Security Defaults help doc is also presented by Microsoft, during the MFA activation experience: Īnd here’s an extra 365 admin help doc we dug up, that shows the old way of turning on MFA vs. Here’s the link Microsoft 365 shows for “ Learn More” about these new “ Security Defaults” activated by default for newer 365 hosting accounts. Scroll down the list to the right and choose “Properties”.Īnd on the left you’ll look to the bottom of the page of properties, to see and select the link to see the state of the “Security Defaults” that dictate from the AAD level (Azure Active Directory part of 365 hosting) that MFA is required. Login to and select “Admin” from the app grid.Įxpand All at the bottom of the category tree on left, and click into Active Directory.Ĭlick into the revealed choice for Active Directory that now shows on left. Steps: see “Security Defaults” via 365 Azure Active Directory And we do have faith that Microsoft will hurry up and fix this admin experience to eliminate that confusing conflict with misleading and false representation of the state of some 365 MFA systems. It’s a sad situation from Microsoft, but we’re here to help. While we don’t know why Microsoft Active Directory (that’s built into every 365 hosting account) would have MFA turned on and still let it show as “Disabled” anywhere else in 365, we can walk you through steps for taking a deeper look. Some mysteries may take longer to clear up (or may require a system re-vamp by Microsoft.) We can’t tell you why Microsoft lets MFA show as “Disabled” Recently Microsoft 365 hosting has implemented a new set of default standards, “ Security Defaults”, that are automatically turned on for a new 365 “tenant” from in the Azure Active Directory that’s built into 365.
With a little digging our SaneBox support team quickly uncovered the answer to what’s going on here. In this case of getting reports from users, the 1st thing the admin would do is login to their Microsoft 365 Admin center and look under MFA (multi factor authentication), and then they’d see - it actually still shows as “Disabled” for each and every user! We’ve heard from the administrators of Microsoft 365 hosting accounts that say their users report being asked to set up Microsoft Authenticator app even though that admin person themselves didn’t know that would happen and hadn’t turned the MFA (also known as 2FA) on yet. If you’re one of the “ Admins” for your 365 hosting, follow along with these steps we’ve put together below to show you what’s going on. If you’ve had a Microsoft 365 hosting account setup recently for email at your company and your users are being prompted to set up authentication codes - but you looked and the MFA in your 365 admin shows as “Disabled” - then follow along here and we’ll show you why. This will help us and also improve searchability for others in the community who might be researching similar information.Microsoft 365: Why are we being asked to use authentication codes if 365 admin shows MFA "Disabled" If the information helped address your question, please Accept the answer. Raising the Baseline Security for all Organizations in the World.Emergency access accounts - In addition to the recommended action(s), I'd also make sure you have emergency accounts to prevent being locked out of your Azure tenant.Thank you for your time and patience throughout this issue. If you have any other questions, please let me know.
However, from my understanding after this is enabled, you should still be able to disable Security Defaults, so that your users who can't use MFA can still get access to your Azure AD tenant. In the meantime, on May 8th, if your tenant isn't leveraging Security Defaults, Conditional Access Policies, etc., the Security Defaults feature will be enabled automatically.
When it comes to the email that you received, I found some similar internal issues and have reached out to the MFA Product Team to confirm if this is a forced feature or if this can be disabled.
0 kommentar(er)
