Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Microsoft will soon require multi-factor authentication (MFA) for accessing the Microsoft 365 admin center. Starting on February 3, the company will begin rolling out this new MFA requirement in phases at the tenant level.

Microsoft 365 admin center is a web-based portal that allows administrators to manage their organization’s users, settings, licenses, subscriptions, and more. Microsoft has found that MFA helps to reduce the risk of account compromise by 99.2 percent. This feature allows organizations to reduce the risk of unauthorized access and protect sensitive data, accounts, and resources.

“Multi-factor authentication (MFA) is a security feature that requires you to provide two or more pieces of evidence to prove your identity when you sign in to an online service,” Microsoft explained. “MFA adds an extra layer of protection to your account and your data, reducing the risk of unauthorized access even if your password is compromised.”

How can organizations get additional time to prepare for this MFA requirement?

Microsoft acknowledged that organizations with complex setups may need more time to prepare for this MFA requirement. These organizations can request an extension through the Azure Portal, which will also apply to the Microsoft Entra admin center and the Microsoft Intune admin center.

Customers who haven’t added an MFA verification method before the mandatory requirement rollout will still be able to access the Microsoft 365 admin center. However, they will be prompted to register for MFA and add a verification method.

Microsoft notes that security defaults are already enabled for organizations created on or after October 22, 2019. Administrators can view these settings by signing in to the Microsoft Entra admin center and navigating to Identity > Overview > Properties. If you haven’t done this yet, we recommend checking out this support document to manually set up multifactor authentication within your organization.