Great video Ru - while secure by default is a great concept it will always be contextual. What i would really like to see is an onboarding permissions run through rather than have defaults at all. Dont let someone create a tenant until they review and set a default of their own before the tenant spins up. I know easy create is great, but if an admin/user was asked to provide a bunch of config before tenant creation in the form of some sort of submission form or flow through window - a) they would be aware of what the current setting is and that it exists in the first place and b) they might consider looking for advice to get it secure from get go.

Great video Ru! Thank you for going through out of the box security defaults.

Default tenant config needs to span from Azure Free all the way through to E5, hence favouring Security Defaults rather than CA, and as you said, they aren’t compatible. I agree though, I’d much rather see MFA for all users, MFA for Admins and block Legacy Auth called out as specific Conditional Access Policies if your licensing supported it. Email authentication- from memory- is only available for Self Service Password Reset- not as a MFA challenge (even though it’s listed in Auth Methods). I could be wrong, that mightn’t be the default. Great content. Keep it up!

yesss WTH?? I CAN NOT access my emails

Magneto relogin please