Cloud Security

Microsoft to roll out security defaults to millions more worldwide

A logo sits illuminated outside the Microsoft booth at the SK telecom booth of the GSMA Mobile World Congress on Feb. 28, 2022, in Barcelona, Spain. (Photo by David Ramos/Getty Images)

Microsoft announced this week that it’s rolling out security defaults to existing customers who have yet to enable the defaults or Azure AD Conditional Access, applying the defaults to millions of more customers.

The software giant introduced security defaults in October 2019 for new tenants with basic security hygiene in place, especially multi-factor authentication (MFA) and modern auth requirements, regardless of license, Alex Weinert, Microsoft’s director of identity security, wrote in the announcement. 

Since then, more than 30 million organizations are protected by the defaults and experience 80% fewer compromises than the overall tenant population, he continued. However, tenants created before October 2019 were not included in the defaults unless they explicitly enabled features such as Conditional Access, Identity Protection and MFA — until now.

Microsoft will start the security defaults for customers who don't use Conditional Access, and who aren't actively using legacy authentication clients. Redmond will notify global admins by email, and begin to apply the defaults in late June. The security defaults are expected to protect an additional 60 million accounts. 

“When we look at hacked accounts, more than 99.9% don’t have MFA, making them vulnerable to password spray, phishing, and password reuse,” Weinert said.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.