This is a security feature can be enabled with any licenses, no addition security license needed.

Security Defaults will enable and enforce the following identity protection features.

• Requiring all users and admins to register for MFA.
• Challenging users with MFA – mostly when they show up on a new device or app, but more often for critical roles and tasks.
• Disabling authentication from legacy authentication clients, which can’t do MFA.

This is basic security feature coming enabled with every new tenant registered after 2019. If your subscription was created on or after October 22, 2019, security defaults might have been automatically enabled for you—you should check your settings to confirm.

• Security defaults (suitable for most businesses)
• Conditional Access (for businesses with more stringent security requirements)

Security Defaults can be considered as a basic function of Condition Access. Please write a comment or contact us to implement and secure your organization/business.