Hey everyone! I'm looking to switch from Entra security defaults to conditional access policies for my organization. I came across some information that mentioned if I disable the security defaults with the intent of implementing conditional access, Microsoft might automatically create conditional access policies to replace the defaults. Is that accurate? Has anyone experienced this firsthand? If not, would it be better to utilize the policy templates under security foundations instead? I appreciate any insights you can share!
1 Answer
It's not that Microsoft directly recreates the security defaults. Instead, they have some Microsoft-managed conditional access policies that may be automatically generated if you don't implement your own policies to cover those areas. These generated policies ensure your tenant meets a basic level of security. When they first introduced these policies, they were set to 'report only' mode before becoming active after 45 days if no other policies were established. So, it’s best to check on that!
Thanks for the clarification! I’ll take a closer look into it. Any tips on what to focus on when I decide to disable the security defaults?