Skip to main content


Important: Enable security defaults on your CSP tenants. 

Impacted audience

All Office 365 services


We strongly encourage you to implement MFA immediately to raise the security baseline of your tenant. Starting March 11, 2024, we will begin rolling out security defaults on all tenants that either don’t already have MFA or have per-user MFA.

To learn more, please review the documentation on security defaults. For assistance, please contact support

Next Steps

  • Implement MFA—Immediately enable MFA via security defaults or Conditional Access by following the security defaults guidance.
  • Retest your individual users if they can login after MFA is enabled and configured.

Key Details About Security Defaults

What Happens When Security Defaults Are Implemented?

  • Once the security defaults are implemented, every user in the organization must register for MFA within 14 days.
  • When users sign into their account, they will see a prompt to set up the Microsoft Authenticator app. Users can choose to get started with the app or defer the action. After 14 days, the option to defer set-up will disappear. 
  • Users should install the Microsoft Authenticator app on their mobile device and register their account. Please refer to the Microsoft Authenticator app guidance for specific instructions. 

Can Security Defaults Be Disabled Once They’ve Been Implemented By Microsoft?

Yes. However, we strongly recommend that security defaults remain enabled unless you have determined other security protections for your CSP tenant that include MFA, such as Conditional Access.

What If We Are Using Legacy Authentication Protocol?

We recommend deprecating legacy authentication and using security defaults or Conditional Access. To prepare to move away from legacy authentication, please review the sign-ins using legacy authentication workbook and the guidance on how to block legacy authentication.

Supporting Articles:

How to configure MFA for O365

How to Migrate Legacy MFA to the Microsoft Entra Authentication Method

How to re register MFA and Delete old App passwords