Microsoft update: Removing the option to skip multifactor authentication (MFA)

Strengthening Your Security with Secure Defaults

At ZBRIQ, we’re committed to helping our customers stay ahead of evolving cybersecurity challenges. As part of the Secure Future Initiative, Microsoft has introduced updates to enhance security with three guiding principles: secure by design, secure by default, and secure operations. Here’s what these changes mean for your organization and how they’ll improve your security posture.

What is “Secure by Default”?

Secure by default ensures that critical security features are enabled and enforced automatically. A prime example is Microsoft Entra Security Defaults, which provides baseline protection for your organization's identities and resources. These settings are applied to all new tenants by default, offering an added layer of defense against common threats.

Key Update: Immediate MFA Registration

To improve security further, Microsoft is removing the option to delay multifactor authentication (MFA) registration for 14 days when security defaults are enabled. Starting December 2, 2024 (for new tenants), and January 2025 (for existing tenants), all users will be required to register for MFA on their first login after security defaults are turned on.

This change addresses a critical vulnerability, as MFA can block over 99.2% of identity-based attacks, significantly reducing the risk of account compromise during the initial 14-day window.

What Should Your Organization Do?

If your organization isn’t already using Conditional Access, enabling security defaults is a simple and effective way to protect your users and resources from common threats. With MFA enforced at the first login, you’ll benefit from stronger account protection right from the start.

Why this matters?

This update reflects Microsoft’s ongoing commitment to delivering secure and reliable identity services. By aligning with secure defaults, your organization gains:

• Proactive threat protection: Automatic security settings to combat identity-based attacks.

• Simplified security management: A no-fuss approach to safeguarding your users.

• Peace of mind: Industry-leading protection integrated into your Microsoft Entra environment.

Next Steps

Enable Security Defaults: If you’re not already using Conditional Access, turn on security defaults to enhance your baseline protections.

Educate Your Team: Inform your users about the need for immediate MFA registration to ensure a smooth transition.

Prepare for the Update: If you manage existing tenants, be ready for the rollout starting January 2025.

At ZBRIQ, we’re here to help you navigate these updates and secure your organization. Contact us if you have questions or need assistance implementing these changes.