<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
About Microsoft Enabling Security Defaults for Azure Active Directory
Jun 17, 2025
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Single Sign-On
Overview

Microsoft has begun issuing notifications to customers advising the requirement of all Office 365 users to enroll in Azure MFA. This is due to the planning of Microsoft’s broader release of the MFA requirements that were first introduced in October 2019, called Security Defaults. Security Defaults is a setting outside of Conditional Access, which enables Multi-Factor Authentication, which is planned to begin broader availability at all license tiers. This broader release will begin targeting tenants created before October 2019, who haven’t changed any security settings since deployment. In this article, we seek to provide details and solutions for the potential impacts this can have on Okta Federated organizations already protected by Okta MFA.

Applies To
  • Office 365 Federation (WS-FED)
  • User Lifecycle Management
  • Single Sign-On (SSO)
  • Multi-Factor Authentication (MFA)
Cause
  • If Conditional Access is used in an environment, security defaults won't be available.
  • Enabling Security Defaults will effectively turn on MFA by default. Users will be required to enroll in Azure MFA.
  • Office 365 imports, provisioning, and updates to SSO domain federation may begin to malfunction.
    • Office 365 domain federation cannot be updated (existing federated domains are not expected to be impacted).
    • All new Office 365 provisioning and imports will fail (already provisioned users will not be impacted).
    • User and Universal Sync will not work if the Azure admin credentials provided to Okta require MFA.
    • Imports will not work unless the customer has provided admin consent to Okta.
  • Users may enter an infinite sign-on loop as detailed in the "Okta MFA satisfies Azure AD MFA requirement" of the Okta Manual chapter on, Use Okta MFA for Azure Active Directory

MFA

Solution

If Okta MFA from Azure AD is enabled, Okta suggests Disabling Security Defaults by following the steps below:

  1. Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
  2. Browse to Azure Active Directory > Properties.
  3. Select Manage security defaults.
  4. Set Enable Security defaults to Disabled (not recommended).
  5. Select Save.


Azure 

Security defaults 

 

Related References

Recommended content

Still looking for help?
Loading
About Microsoft Enabling Security Defaults for Azure Active Directory