Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Reply
Level 2 Contributor

Regarding 'Action Required: Ensure transition from baseline policies to security defaults before February 29, 2020'

We've just received the communication that the baseline policies are being deprecated in favor of the 'Security Defaults' feature.

 

I'm trying to switch over. I have disabled the Baseline Policies and when attempting to enable the new 'Security Defaults', I receive the following blocking notice:

It looks like you have Classic policies enabled. Enabling Classic policies prevents you from enabling Security defaults.

 

I located some settings called 'Classic Policies' under the same Conditional Access node in AzureAD that housed Baseline policies and have attempted disabling (no effect) and deleting (no effect). 

 

Has anyone run into this / have any suggestions? I've tried to file a support case directly in AzureAD but we'll have to pay for it - so I'd like to avoid that if possible.

 

Thanks in advance!

3 REPLIES 3
Level 2 Contributor

I'm happy to report that our issue is resolved. For anyone that may be monitoring this, I was advised by Azure support that a bug had been ID'd and they were working on a fix which should be available today (Friday Jan 24th, 2020). 

 

When I attempted to enable the Security Defaults today, I was no longer presented wiht the 'Classic Policies' blocking error and was instead presented with info that my Baseline policies would be disabled upon activation of the Defaults. I was then able to successfully click 'OK' to proceed and have confirmed that the Baselines have been disabled and 'Security Defaults' now show as 'ON'.

Moderator

@Scott-NetRes it sounds like you have the appropriate permissions to make the request change. Since you are unable to delete or disable the policy I would recommend opening a support ticket through Partner Center. If you are an indirect reseller, then you will have to reach out to Microsoft support directly. If you are concerned about the cost associated with opening a support ticket directly with Microsoft, then I would strongly recommend that you look to leverage your partner benefits if possible. 

Level 2 Contributor

@idwilliams 

 

Great Minds, yada yada 😉 Not long after running into the Azure 'paid support' links, I did go the route of opening a case thru Partner Support. They were very helpful in assisting me with opening a case with Azure. 


That said, the case was opened over a week ago and we've made very little headway at this time. I'm still trying to sort it out, but everything I've come across (which isn't much) in relation to the 'Classic Policies' blocking error isn't working in our tenant.

 

When we get it sorted, I'll circle back to update here in case there are any other partners who end up running into the same thing.