Microsoft 365 from GoDaddy Help

Enable or disable security defaults

As an admin, you can turn on security defaults to help keep your organization safe from phishing and identity-related attacks. Security defaults ensure a basic level of security, requiring all admins and users to set up a sign-in method for multi-factor authentication, or MFA. This added layer of protection can keep your account from being compromised.


Select the appropriate tab based on whether you’re an admin and the GoDaddy account owner or an admin but not the account owner.

These steps are for admins who are also the GoDaddy account owner.

  1. Sign in to your Email & Office Dashboard (use your GoDaddy username and password).
  2. On the leftmost side, select Microsoft 365 Admin, and then Security Settings.
    The Microsoft 365 admin menu in the Email and Office Dashboard with Security Settings highlighted.
  3. Under Protect Your Email with Security Defaults, select Manage.
  4. Select Continue.
    manage security defaults modal with continue highlighted
  5. Search for a domain name in your organization.
    • If there are linked domains in your organization, select See list of domains in this organization to see which domains will be affected by changes to security defaults.
    example domain name with enable security defaults toggle
  6. To enable or disable security defaults, turn on (shows green) or turn off the Enable security defaults toggle, and then select Save.

You’ll see a confirmation that security defaults were enabled or disabled successfully.

Required: Microsoft phased out Basic authentication, an outdated method of connecting Microsoft 365 accounts with email clients, in 2023. Make sure your users have email clients with modern authentication, like Outlook 2016 or newer and Apple Mail, after enabling security defaults. The latest versions of most email clients already support it.

These steps apply to admins who are not GoDaddy account owners.

Warning: Please follow these steps carefully. Making changes in the Microsoft Entra admin center outside of these steps can cause issues that our GoDaddy Guides may not be able to help you fix. See our Statement of Support.
  1. Sign in to the Microsoft Entra admin center. Use your Microsoft 365 email address and password (your GoDaddy username and password won't work here).
  2. Search for Tenant properties, and then select it from the results.
    The search bar with Tenant properties entered.
  3. Select Manage security defaults. A window will open on the rightmost side.
    At bottom of page, Manage security defaults
  4. Under Security defaults, select Enabled or Disabled.
    The dropdown menu for security defaults.
  5. Select Save. You’ll see a confirmation that security defaults were enabled or disabled successfully.
Required: Microsoft phased out Basic authentication, an outdated method of connecting Microsoft 365 accounts with email clients, in 2023. Make sure your users have email clients with modern authentication, like Outlook 2016 or newer and Apple Mail, after enabling security defaults. The latest versions of most email clients already support it.

I have Classic policies enabled

If you see an error saying that you have Classic policies enabled, you need to disable them before you can enable security defaults (if this does not apply to you, skip ahead to the next section).

  1. Go to your Classic policies page (or, in the search bar at the top of the Microsoft Entra admin center, enter and select Azure AD Conditional Access, and then select Classic policies).
  2. Select the policy, and then, at the top of the page, select Disable.
  3. Repeat as needed to disable all enabled policies.

Set up your multi-factor authentication method

Congrats! If you've enabled security defaults, you've taken an important step to securing your email accounts. But we're not done yet — once you’ve turned on security defaults, your admins and users have 14 days to register an MFA method. After 14 days, they won’t be able to sign in without an MFA method. Each user's 14-day period starts after their first successful interactive sign-in post-activating security defaults.

Next step

More info

Share this article