Before proceeding with any other troubleshooting steps, it is crucial to check if Azure AD Security Defaults are enabled in your environment. Security Defaults in Azure AD might interfere with some federated authentication sessions.
Steps to Check and Disable Azure AD Security Defaults:
- Sign in to Azure Portal:
- Go to [https://portal.azure.com](https://portal.azure.com) and sign in with an account that has administrator privileges. - Navigate to Azure Active Directory:
- In the Azure portal, select **Azure Active Directory** from the left-hand navigation pane. - Go to Properties:
- In the Azure Active Directory pane, select Properties. - Check Security Defaults Status:**
- At the bottom of the Properties page, find the option for **Manage Security Defaults**.
- Click on it to view the current status of Security Defaults. - Disable Security Defaults (If Necessary):
- If Security Defaults are enabled and you have a specific requirement for using an external IdP without these defaults, consider disabling them.
- To disable, set the Enable Security Defaults option to No
Please note that disabling Security Defaults will remove certain baseline security protections. Ensure that you have alternative controls in place to maintain your security posture.
Important Considerations:
- Assess Security Impact: Before disabling Security Defaults, assess the impact on your overall security. Security Defaults include basic security measures like requiring all users to register for MFA.
- Alternative Controls: If you disable Security Defaults, ensure that you have equivalent or stronger security controls in place, especially for MFA and conditional access.
- Compliance: Verify that disabling Security Defaults does not conflict with any compliance requirements your organization may have.