How to Disable Security Defaults in Office 365?

Security Defaults are a set of policies that are enabled by default for Microsoft 365 (Office 365) accounts to provide increased account and organizational security. These settings include using Multi-Factor Authentication (MFA) for logins, disabling legacy mail protocols (IMAP, POP3, and SMTP), etc. In some cases, the Microsoft 365 administrator needs to turn off some of the Security Defaults settings in Microsoft 365 tenants.

Azure AD Security Defaults are a set of identity security mechanisms recommended by Microsoft. When enabled, these recommendations are automatically enforced in your organization, so administrators and users are better protected from common identity-related attacks. Security Defaults are free for all Microsoft 365 subscriptions and replace the Baseline Conditional Access policies.

Security Defaults enable the following settings in the Azure tenant:

  • Multi-Factor Authentication for administrators and users (a request to configure MFA appears on each user sign-in);
  • Legacy authentication protocols are disabled, and this blocks access to Office 365 mailboxes from old clients and legacy protocols that do not support Modern Authentication (Office 2010, IMAP, POP3, SMTP, ActiveSync), as well as connecting to Exchange Online via Remote PowerShell;
  • Force MFA for privileged accounts in Azure AD when accessing management tools that use the Azure Resource Manager API (Azure Portal Access, Azure PowerShell, Azure CLI).

You can enable or disable Security Defaults in your Azure tenant settings:

  1. Open the Microsoft Azure Portal login page and log in with an Azure or Microsoft 365 tenant Global Administrator account;
  2. Select Azure Active Directory > Properties;
  3. At the very bottom of the tenant settings page, click on the Manage Security Defaults link;
  4. You will see a window in which only one switch, Enable Security defaults (Yes/No), is available. Security Defaults are enabled by default for all new Azure (Microsoft 365) tenants. If you want to disable Security Defaults, select No and complete a short Microsoft survey:

    We’d love to understand why you’re disabling Security defaults so we can make improvements.
    – My organization is using Conditional Access;
    – My organization is unable to use critical business applications;
    – My organization is getting too many MFA challenges;
    – Other.

  5. Press the Save button;

Users will no longer be prompted to configure MFA when they sign in. If Multi-Factor Authentication is already configured for some users, you can disable it.

  1. Sign in to Microsoft 365 Admin Center (https://admin.microsoft.com/#/users);
  2. Select Users > Active Users;
  3. Click Multi-factor authentication;
  4. Find the user you want to disable MFA for, select it, and click Disable;

To enable the use of legacy email protocols, you need to:

  1. Go to https://admin.microsoft.com;
  2. Select Settings > Org Settings > Modern authentication;
  3. Select the legacy protocols that you want to allow email clients to use;

The following protocols are available:

  • Outlook client — Includes Exchange Web Services, MAPI over HTTP, Offline Address Book and Outlook Anywhere protocols;
  • Exchange ActiveSync (EAS) — Used by some email clients on mobile devices;
  • Autodiscover — Used by Outlook and EAS clients to find and connect to mailboxes in Exchange Online;
  • IMAP4 — Used by IMAP email clients;
  • POP3 — Used by POP email clients;
  • Authenticated SMTP — Used by POP and IMAP clients to send email messages;
  • Exchange Online PowerShell — Used to connect to Exchange Online with remote PowerShell.

Now you will be able to authenticate with legacy email clients.
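
One way to check, after turning Security Defaults off, that enforced Conditional Access policies still require MFA and block legacy authentication clients. This is an added example, not part of the original article: the helper name `Test-SecurityDefaultsCoverage` and the sample policy objects are constructed, and the commented cmdlets are from the Microsoft Graph PowerShell SDK.

```powershell
# Added example. Test-SecurityDefaultsCoverage is a hypothetical helper name.
# Live input (Microsoft.Graph module, Policy.Read.All scope):
#   Connect-MgGraph -Scopes 'Policy.Read.All'
#   $sd = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
#   $ca = Get-MgIdentityConditionalAccessPolicy -All
function Test-SecurityDefaultsCoverage {
    param(
        [Parameter(Mandatory)] $SecurityDefaults,
        [object[]] $ConditionalAccess = @()
    )
    $findings = @()
    if (-not $SecurityDefaults.IsEnabled) {
        # Report-only and disabled policies are not enforced, so count only 'enabled'.
        $active = @($ConditionalAccess | Where-Object { $_.State -eq 'enabled' })
        $mfa = @($active | Where-Object { $_.GrantControls.BuiltInControls -contains 'mfa' })
        $legacy = @($active | Where-Object {
            $_.GrantControls.BuiltInControls -contains 'block' -and (
                $_.Conditions.ClientAppTypes -contains 'other' -or
                $_.Conditions.ClientAppTypes -contains 'exchangeActiveSync')
        })
        if ($mfa.Count -eq 0) { $findings += 'No enforced policy requires MFA.' }
        if ($legacy.Count -eq 0) { $findings += 'No enforced policy blocks legacy authentication clients.' }
    }
    # Limitation: the user/app scope and exclusions of each policy are not evaluated here.
    [pscustomobject]@{
        SecurityDefaultsEnabled = [bool]$SecurityDefaults.IsEnabled
        Findings                = $findings
    }
}

# Constructed sample data: Security Defaults off, MFA policy left in report-only mode.
$sd = [pscustomobject]@{ IsEnabled = $false }
$ca = @(
    [pscustomobject]@{
        DisplayName   = 'Require MFA for all users (constructed)'
        State         = 'enabledForReportingButNotEnforced'
        GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') }
        Conditions    = [pscustomobject]@{ ClientAppTypes = @('all') }
    },
    [pscustomobject]@{
        DisplayName   = 'Block legacy authentication (constructed)'
        State         = 'enabled'
        GrantControls = [pscustomobject]@{ BuiltInControls = @('block') }
        Conditions    = [pscustomobject]@{ ClientAppTypes = @('exchangeActiveSync', 'other') }
    }
)
(Test-SecurityDefaultsCoverage -SecurityDefaults $sd -ConditionalAccess $ca).Findings
```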

I enjoy technology and developing websites. Since 2012 I have been running a few of my own websites and sharing useful content on gadgets, PC administration and website promotion.
Cyril Kardashevsky
