Disable Azure AD Security Defaults With PowerShell

Today’s post will cover disabling Azure Active Directory Security Defaults through the use of Microsoft Graph PowerShell SDK.

About Microsoft Graph PowerShell SDK

The Microsoft Graph PowerShell SDK offers a seamless and intuitive way to interact with Microsoft Graph using PowerShell, a versatile and widely adopted scripting language in the Windows ecosystem. By combining the richness of PowerShell with the extensive capabilities of Microsoft Graph, administrators and developers gain a powerful toolkit for managing and automating various aspects of their Microsoft 365 environment.

One of the key advantages of the Microsoft Graph PowerShell SDK is its ability to provide a unified experience across different Microsoft 365 services. Whether it’s managing users, groups, SharePoint sites, Teams, or Exchange Online mailboxes, the SDK offers a consistent set of cmdlets and functions that simplify and streamline administrative tasks. This eliminates the need for learning multiple APIs or tools, enabling administrators to leverage their existing PowerShell knowledge and skills to manage a wide range of Microsoft 365 resources

Install and Connect

To install the SDK, it is recommended your install it on a machine with PowerShell 7.0. To install it, run the following cmdlet

Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0

Once the SDK is installed, we will run the following cmdlet to connect and also set the permission needed to disable the Azure AD security defaults.

Connect-MgGraph -Scopes "Policy.Read.All","Policy.ReadWrite.ConditionalAccess"

Disable Security Defaults

To deactivate the default Azure AD Security, you can save the code below as a PowerShell script (.PS1) and execute it. If you wish to enable it, simply change the value to “true”.

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	isEnabled = $false
}

Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter $params

Once the script is executed, the security defaults become disabled.


Posted

in

, ,

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.