Today’s post will cover disabling Azure Active Directory Security Defaults through the use of Microsoft Graph PowerShell SDK.
About Microsoft Graph PowerShell SDK
The Microsoft Graph PowerShell SDK offers a seamless and intuitive way to interact with Microsoft Graph using PowerShell, a versatile and widely adopted scripting language in the Windows ecosystem. By combining the richness of PowerShell with the extensive capabilities of Microsoft Graph, administrators and developers gain a powerful toolkit for managing and automating various aspects of their Microsoft 365 environment.
One of the key advantages of the Microsoft Graph PowerShell SDK is its ability to provide a unified experience across different Microsoft 365 services. Whether it’s managing users, groups, SharePoint sites, Teams, or Exchange Online mailboxes, the SDK offers a consistent set of cmdlets and functions that simplify and streamline administrative tasks. This eliminates the need for learning multiple APIs or tools, enabling administrators to leverage their existing PowerShell knowledge and skills to manage a wide range of Microsoft 365 resources
Install and Connect
To install the SDK, it is recommended your install it on a machine with PowerShell 7.0. To install it, run the following cmdlet
Install-Module -Name Microsoft.Graph -RequiredVersion 1.27.0
Once the SDK is installed, we will run the following cmdlet to connect and also set the permission needed to disable the Azure AD security defaults.
Connect-MgGraph -Scopes "Policy.Read.All","Policy.ReadWrite.ConditionalAccess"
Disable Security Defaults
To deactivate the default Azure AD Security, you can save the code below as a PowerShell script (.PS1) and execute it. If you wish to enable it, simply change the value to “true”.
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
isEnabled = $false
}
Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter $params
Once the script is executed, the security defaults become disabled.

Leave a Reply