Published: May 20, 2024
Key Takeaways:
- Microsoft will enforce MFA for all Azure customers in July 2024.
- The rollout will begin with the Azure portal and extend to CLI, PowerShell, and Terraform, but won’t affect apps, websites, or services hosted on Azure.
- Administrators can tailor MFA requirements using Entra ID Conditional Access policies, and monitor MFA adoption and status with dedicated reports and tools.
Microsoft is stepping up its security game for Azure customers by mandating multi-factor authentication (MFA) starting in July 2024. This move aims to bolster account protection by requiring users to verify their identity through multiple methods, significantly reducing the risk of unauthorized access and data breaches.
MFA is a security feature that requires users to provide two or more verification methods to gain access to a system, application, or account. The extra layer of security makes it more difficult for attackers to compromise accounts and steal sensitive data. MFA helps to prevent unauthorized access due to credential stuffing, phishing, brute force, and password reuse attacks.
Starting in July, Microsoft will gradually introduce a new security setting that requires multi-factor authentication (MFA) for all users signing into the Azure portal. After this rollout is complete, the company will implement a similar enforcement policy for CLI, PowerShell, and Terraform. Microsoft plans to provide additional information about specific rollout dates through official emails and notifications.
“Students, guest users and other end-users will only be affected if they are signing into Azure portal, CLI, PowerShell or Terraform to administer Azure resources. This enforcement policy does not extend to apps, websites or services hosted on Azure. The authentication policy for those will still be controlled by the app, website or service owners,” Microsoft explained.
Microsoft Entra ID supports various multi-factor authentication methods, including the Microsoft Authenticator app, Windows Hello for Business, SMS, voice calls, and hardware tokens. Admins can use Entra ID Conditional Access policies to customize when MFA is needed. These policies can be based on various signals, such as the user’s location, device, role, or current risk level.
Microsoft recommends that administrators enable MFA within their tenants using the MFA wizard for Microsoft Entra. They can track which users have registered for multi-factor authentication with the authentication methods registration report. Additionally, IT admins can use a PowerShell script to generate a report showing the MFA status for all end users.
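One way to build the kind of MFA status report described above, as an added example rather than Microsoft's own script: it reads the authentication methods registration details through the Microsoft Graph PowerShell SDK and lists the users who are not yet ready, admins first. The function name `Get-MfaReadiness`, the `-UseSample` switch, the status labels, the output file name and the sample accounts are assumptions made for this illustration.

```powershell
# Added example, not Microsoft's script. Assumes the Microsoft.Graph.Reports
# module and consent to AuditLog.Read.All; -UseSample runs it offline.
param([switch]$UseSample)

function Get-MfaReadiness {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Details)
    foreach ($d in $Details) {
        # Registered: a strong method exists. Capable: the tenant's
        # authentication methods policy also allows the user to use it.
        $status = 'Ready'
        if (-not $d.IsMfaRegistered) { $status = 'NotRegistered' }
        elseif (-not $d.IsMfaCapable) { $status = 'RegisteredNotUsable' }
        [pscustomobject]@{
            UserPrincipalName = $d.UserPrincipalName
            UserType          = $d.UserType
            IsAdmin           = [bool]$d.IsAdmin
            Status            = $status
            Methods           = @($d.MethodsRegistered) -join ';'
        }
    }
}

if ($UseSample) {
    # Constructed records shaped like Graph's userRegistrationDetails resource.
    $details = @(
        [pscustomobject]@{ UserPrincipalName = 'ops-admin@contoso.example'; UserType = 'member'; IsAdmin = $true; IsMfaRegistered = $false; IsMfaCapable = $false; MethodsRegistered = @() }
        [pscustomobject]@{ UserPrincipalName = 'dev1@contoso.example'; UserType = 'member'; IsAdmin = $false; IsMfaRegistered = $true; IsMfaCapable = $true; MethodsRegistered = @('microsoftAuthenticatorPush') }
        [pscustomobject]@{ UserPrincipalName = 'vendor@partner.example'; UserType = 'guest'; IsAdmin = $false; IsMfaRegistered = $true; IsMfaCapable = $false; MethodsRegistered = @('mobilePhone') }
    )
} else {
    Connect-MgGraph -Scopes 'AuditLog.Read.All'
    $details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All
}

$report = Get-MfaReadiness -Details $details

# Full report for tracking adoption over time.
$report | Export-Csv -Path .\mfa-readiness.csv -NoTypeInformation

# Accounts that still need attention. IsAdmin reflects directory roles, not
# Azure RBAC assignments, so treat it as a priority hint only.
$report | Where-Object Status -ne 'Ready' |
    Sort-Object -Property @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName |
    Format-Table -AutoSize
```

With `-UseSample`, the table lists `ops-admin@contoso.example` as `NotRegistered` ahead of `vendor@partner.example` as `RegisteredNotUsable`, and the CSV contains all three constructed accounts.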