Wednesday, June 29, 2022

Network Defend, LLC is closing

 

Transition News

Network Defend, LLC will be closing our doors on July 7, 2022 as we transition to a new adventure.  Existing clients are being guided through this transition to a new service company as their needs dictate.

As time permits, I may update this blog with new technical articles of general interest.

Monday, June 27, 2022

Unable to enable Security Defaults on free Microsoft Azure accounts? (FIX)

 If you manage an older Office 365 tenant, and noticed that your old MFA settings and other security features stopped working, you might have read that there are a new set of security baseline settings available.

However . . .  when you attempt to enable those settings, the Azure admin portal fails to accept them with various errors.  Other features that may break include turning on new polices for safe links, safe attachments, or anything to do with legacy authentication or MFA enforcement.

A quick test: try to follow the steps in this Microsoft document:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

When you click the link on your portal under Properties >> Manage security Defaults and try to turn on "Enable Security Defaults" you may see this failure error message:


Worse, if you are using the "Free" version of Azure without a P1 license or higher, you can no longer navigate via the menu to the classic policies to audit them.  So (as of this writing) here is a direct link to the page you need:

https://portal.azure.com/?microsoft_aad_iam_classicPolicyDontHide=true&microsoft_aad_iam_enableClassicPoliciesMenu=true#view/Microsoft_AAD_IAM/ConditionalAccessBlade/~/ClassicPolicies

There, you will see a page much like this, with four or more policies enabled.  Click the triple dot option link beside each and disable.


Back at your policy page, do a forced refresh and try to enable the Security Defaults again, it should work now!