Microsoft has announced the rollout of security defaults for its Azure AD customers, as part of efforts to combat the rise in cybercrime. The move will see an improvement in ‘basic security hygiene for millions of organisations across the world.

A statement on the company’s site said: “The Identity security team blocks tens of millions of attacks every day and sadly, some get through. Each compromised account gives attackers access that can cause real harm. Most of these attacks could be stopped with good security hygiene.

“Chief among these is multifactor authentication (MFA) at login and requiring modern authentication protocols. When we look at hacked accounts, more than 99.9% don’t have MFA, making them vulnerable to password spray, phishing, and password reuse.

“Unfortunately, many companies lack a team of security experts to address these issues and often have no IT team at all. So, even though the industry is clear on the importance of MFA, there’s no one to hear or execute on these security mandates. These organisations are often the most vulnerable and experience the most compromised accounts.”

To combat that problem Microsoft initially introduced security defaults in October 2019, giving new customers basic security hygiene such as MFA and modern authentication requirements. The programme now protects more than 30 million organisations and has reduced security compromises by 80%.

The latest rollout extends the defaults to users created before October 2019, targeting those that haven’t changed their security settings since they began using Azure. According to the statement, the defaults will challenge users with MFA when necessary based on factors such as location, device, role, and task. Once complete, the programme will protect in excess of 60 million users, roughly the population of the UK.

For more information on Microsoft Security defaults and how this affects you, drop us a line at +44 (0) 203 137 7273