Learning and Sharing
  • Home
  • Blog
  • Linux
  • macOS
  • VirtualBox
  • VMware
  • Windows
  • Series
    • Symantec
    • Intune
    • Microsoft Azure
    • Powershell
    • VirtualBox
    • VMware
    • PowerShell Learning
    • Microsoft Graph
  • More
    • Auto Installation
    • AEC Installation
  • Contact
No Result
View All Result
  • Home
  • Blog
  • Linux
  • macOS
  • VirtualBox
  • VMware
  • Windows
  • Series
    • Symantec
    • Intune
    • Microsoft Azure
    • Powershell
    • VirtualBox
    • VMware
    • PowerShell Learning
    • Microsoft Graph
  • More
    • Auto Installation
    • AEC Installation
  • Contact
No Result
View All Result
No Result
View All Result

How to Enable, Disable or Modify Security Defaults with Microsoft Graph PowerShell

September 27, 2023
in Blog, Microsoft Graph
0
ADVERTISEMENT

Table of Contents

PowerShell allows us to quickly and effectively make changes to the configuration of our Microsoft Entra Tenant. We can also use PowerShell to ensure that when new Tenants are created or onboarded, they keep to a common standard set by the organization.

Security Defaults are one of the most important settings for any tenant admin to ensure it is enabled and if it isn’t, to ensure that Conditional Access policies are implementing the protection instead.

Note Related: Enable/Disable Security Defaults from Microsoft Entra admin center.

In this tutorial, we’re going to show you how to enable and disable Security Defaults in your tenant using Microsoft Graph PowerShell.

Before you begin

Make sure you have:

  • A Windows computer with Windows PowerShell 5.1+ or PowerShell 7+.
  • A Linux or macOS computer with PowerShell core has been installed.
  • Install Microsoft Graph PowerShell SDK.
PS C:\> Get-InstalledModule Microsoft.Graph

Version              Name                                Repository           Description
-------              ----                                ----------           -----------
2.6.1                Microsoft.Graph                     PSGallery

Modify Security Defaults with Microsoft Graph PowerShell

1️⃣ Start by connecting to Graph with the minimal required permissions.

Connect-MgGraph -scope 'Policy.ReadWrite.SecurityDefaults', 'Policy.Read.All'

2️⃣ To view how your current Security Defaults setting is configured using Microsoft Graph PowerShell you can utilise the Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy cmdlet. While this command retrieves a lot of information, use the following example to view the IsEnabled attribute which will tell you if Security Defaults is enforced or not.

Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy | Select DisplayName, IsEnabled
DisplayName       IsEnabled
-----------       ---------
Security Defaults     False

3️⃣ To determine if Security Defaults is enabled or disabled in your tenant, review the following list:

  • IsEnabled = False: Security Default is disabled.
  • IsEnabled = True: Security Defaults it enabled.

4️⃣ To modify these settings with Microsoft Graph PowerShell, use the similar update command Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy.

$body = @{
	isEnabled = $false   #Change to $true to enable the Security Defaults
}

Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter $body

Troubleshooting

As the Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy command is quite specific, there is a chance you may come across an error when trying to run it. You may also notice that although the -IsEnabled parameter is present and configured to accept a Boolean True/False value, it still fails when you try to run.

Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled $true

Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy : A positional parameter cannot be found that accepts argument ‘True’.
At line:1 char:1
+ Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled $t …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Update-MgPolicy…forcementPolicy], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy

Instead, by removing the $true value from the command, Security Defaults are successfully enabled.

Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled
Note Note: If you are enabling Security Defaults you must also ensure that you do not have any Conditional Access policies configured in Microsoft Entra, if you do, the command will fail with the following error.

Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy : Conditional access policies are enabled. Please disable and try again.

Not a reader? Watch this related video tutorial:

5/5 - (1 vote)
Previous Post

How to Install ionCube Loader in CentOS 8

Next Post

How To Install Netcat on Windows 10/11

Related Posts

Ftr38

[WinForms] Creating GUIs in Windows PowerShell with WinForms

November 15, 2023
Ftr21

Converting DateTime Obtained from Microsoft Graph Call to PowerShell Date and Time Format

October 21, 2023
Ftr21

Translate Microsoft 365 License GUIDs to Product Names in PowerShell Microsoft Graph

October 19, 2023
Ftr21

How to Get an Access Token for Microsoft Graph PowerShell / API

November 27, 2023
Ftr21

Getting Access Token for Microsoft Graph

November 27, 2023
Ftr5

How to Copy Files without Changing Date Creation Time on Windows

November 27, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • [WinForms] Creating GUIs in Windows PowerShell with WinForms
  • Converting DateTime Obtained from Microsoft Graph Call to PowerShell Date and Time Format
  • Translate Microsoft 365 License GUIDs to Product Names in PowerShell Microsoft Graph

Categories

Stay in Touch

Discord Server

Join the Discord server with the site members for all questions and discussions.

Telegram Community

Jump in Telegram server. Ask questions and discuss everything with the site members.

Youtube Channel

Watch more videos, learning and sharing with Leo ❤❤❤. Sharing to be better.

Newsletter

Join the movement and receive our weekly Tech related newsletter. It’s Free.

General

Microsoft Windows

Microsoft Office

VMware

VirtualBox

Technology

PowerShell

Microsoft 365

Microsoft Teams

Email Servers

Copyright 2023 © All rights Reserved. Design by Leo with ❤

No Result
View All Result
  • Home
  • Linux
  • Intune
  • macOS
  • VMware
  • VirtualBox
  • Powershell
  • Windows 10
  • Windows 11
  • Microsoft 365
  • Microsoft Azure
  • Microsoft Office
  • Active Directory