Azure Conditional Access - Disable Security Defaults
I've had a few questions from people who are trying to create conditional access policies but are unable to because of the error message "It looks like you're about to manage your organization's security configurations. That's great! You must first disable Security defaults before enabling a Conditional Access policy."
Security Defaults
When this is switched on, it makes security easier to manage from the moment you create your tenant. It provides a decent base level of security, such as:
- Require all users + admins to register for MFA
- Block legacy authentication protocols
- Protect privileged activities like access to the Azure portal
This is a useful default if you don't know where to start or if you are using the AAD free tier.
When security in your tenant begins to evolve, which it probably is if you're here trying to create your first conditional access policy, you'll need to switch off security defaults in order to progress with custom security.
Read more here...
Conditional policy
The error...
How to switch off security defaults
It's a simple change, but I only recommend it if you are ready to create custom security policies and want to further evolve your security ecosystem. If you switch this off and do not engineer your own security, that would be a bad move.
Simply head to AAD > Properties
You'll notice "Manage Security defaults" discreetly at the bottom of the page. Click on this and you'll see a fly-in window on the right with a Yes or No toggle. Flick this off.
No more error message, and you're now free to create custom conditional access policies!
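Once Security defaults is off, the three protections listed under "Security Defaults" exist only if your own policies provide them. The script below is an added example, not part of the original post: it reads Conditional Access policies in the JSON shape Microsoft Graph uses for `conditionalAccessPolicy` objects and reports which of those protections no enforced policy covers. The sample policies are constructed, the function names are hypothetical, and treating "register for MFA" as "require MFA for all users" is an approximation.

```python
import json

# Well-known app ID of the Windows Azure Service Management API (Azure portal, CLI, PowerShell).
AZURE_MGMT_APP = "797f4846-ba00-4fd7-ba43-dac1f8f63013"
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}

# Constructed sample in the shape Microsoft Graph returns for conditionalAccessPolicy objects.
SAMPLE = json.loads("""[
 {"displayName": "Require MFA - all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["all"]},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["exchangeActiveSync", "other"]},
  "grantControls": {"builtInControls": ["block"]}}
]""")

def _covers(policy, control, apps=None, clients=None):
    """True if the policy applies `control` to all users for the given apps/client types."""
    cond = policy.get("conditions", {})
    users = cond.get("users", {}).get("includeUsers", [])
    included = set(cond.get("applications", {}).get("includeApplications", []))
    types = set(cond.get("clientAppTypes", []))
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    return ("All" in users and control in controls
            and (apps is None or "All" in included or apps <= included)
            and (clients is None or clients <= types))

def baseline_coverage(policies):
    """Map each Security defaults protection to the ENFORCED policies that replace it."""
    live = [p for p in policies if p.get("state") == "enabled"]
    checks = {
        "mfa_all_users": lambda p: _covers(p, "mfa", apps={"All"}),
        "block_legacy_auth": lambda p: _covers(p, "block", clients=LEGACY_CLIENTS),
        "mfa_azure_management": lambda p: _covers(p, "mfa", apps={AZURE_MGMT_APP}),
    }
    return {name: [p["displayName"] for p in live if test(p)]
            for name, test in checks.items()}

def uncovered(policies):
    """Protections from the list above that no enforced policy currently provides."""
    return sorted(k for k, v in baseline_coverage(policies).items() if not v)

if __name__ == "__main__":
    print(baseline_coverage(SAMPLE), uncovered(SAMPLE))
```

In the constructed sample the legacy-authentication block is still in report-only mode, so it is reported as uncovered until the policy state is set to enabled.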