This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 59%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
We have newly introduced Microsoft Intune and Entra ID in our company, and we are trying to create Conditional Access policies. However, when creating them, we are prompted to disable the security defaults.
Is it possible to replace the security defaults with the policies listed under the "Secure foundation" template in the "Conditional Access Templates" section?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello nakashima,
Thanks for your question.
Security defaults are baseline pre-configured security settings available to everyone.
Organizations that choose to implement Conditional Access policies that replace security defaults must disable security defaults.
Yes, it is possible to replace the security defaults with the policies listed under the "Secure foundation" template in the "Conditional Access Templates" section like the documentation you provided
Once you configure these conditional access policies you can test them in report-only before rolling out to all your users.
Please let me know if you have further questions
You can mark it 'Accept Answer' if this helped.
Thank you for your response.
I really appreciate your quick reply, even though it was just a simple yes-or-no confirmation.