Published: Aug 19, 2024
Key Takeaways:
- Microsoft will begin enforcing multifactor authentication (MFA) for all Azure sign-ins starting October 15, 2024.
- Microsoft has recommended that administrators enable MFA for seamless access to Azure and admin portals.
- Microsoft has provided the option to postpone enforcement until April 2025 for organizations needing more time.
Microsoft is set to enforce multifactor authentication (MFA) for all Azure sign-ins. The company has urged administrators to activate MFA for their tenants ahead of the October 15 deadline to avoid disruptions in accessing Azure and admin portals.
Microsoft first announced its plans to implement automatic enforcement of multifactor authentication by default in May this year. This policy change is part of Microsoft’s broader initiative to strengthen digital security, complementing its planned $20 billion investment in security over the next five years.
Microsoft’s research shows multifactor authentication can block 99.2% of account compromise attacks. The company is committed to using securely managed, phishing-resistant MFA to protect all Azure accounts.
“One of the pillars of Microsoft’s Secure Future Initiative (SFI) is dedicated to protecting identities and secrets—we want to reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization,” Microsoft explained.
Microsoft plans to roll out the mandatory multifactor authentication requirement in two phases. Starting in October, IT admins will be required to use MFA when signing into the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. Microsoft will gradually expand this enforcement policy to all Azure tenants globally.
In early 2025, Microsoft will expand the MFA sign-in policy to include Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools. Additionally, MFA will be required to access any services through the Intune admin center, including Windows 365 Cloud PCs.
To prepare for this new policy, Microsoft has started issuing a 60-day advance notice to global admins through emails and Azure Service Health Notifications. The company also plans to provide additional alerts through the Entra admin center, Azure portal, and the Microsoft 365 message center.
Administrators who need more time to prepare for the MFA requirement can request an extension of the enforcement date until April 15, 2025. This option is especially helpful for customers with complex environments or technical challenges.
Lastly, Microsoft Entra offers businesses several options for enabling multifactor authentication for their users. The service supports various MFA methods, including Microsoft Authenticator, certificate-based authentication, FIDO2 security keys, SMS, and voice verification. Administrators can monitor which users have registered for MFA within their tenants using either the authentication methods registration report or a PowerShell script.
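One way to run the PowerShell check mentioned above, as an added example that is not from Microsoft or the original article. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Reports module) is installed and that the signed-in account is allowed to read the registration report with the AuditLog.Read.All scope; the output file name is a placeholder.

```powershell
# Added example: list users who have not registered for MFA, admins first.
# Assumes: Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.Reports

# Read-only scope used for the registration report (assumption: your account
# also holds a directory role that permits reading reports).
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# Pull the per-user registration details for the whole tenant.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

# Keep only accounts with no MFA method registered. Admin accounts sort to the
# top because they sign in to the portals covered by the first enforcement phase.
$unregistered = $details |
    Where-Object { -not $_.IsMfaRegistered } |
    Sort-Object -Property @{ Expression = 'IsAdmin'; Descending = $true },
                          UserPrincipalName |
    Select-Object UserPrincipalName,
                  UserType,
                  IsAdmin,
                  IsMfaCapable,
                  @{ Name = 'MethodsRegistered'
                     Expression = { $_.MethodsRegistered -join ';' } }

# Summary counts for a quick readiness check.
$total        = @($details).Count
$missing      = @($unregistered).Count
$missingAdmin = @($unregistered | Where-Object { $_.IsAdmin }).Count

Write-Host "Users in report:            $total"
Write-Host "Not registered for MFA:     $missing"
Write-Host "  of which admin accounts:  $missingAdmin"

# Show the admins that still need to register, then save the full list.
$unregistered | Where-Object { $_.IsAdmin } | Format-Table -AutoSize

# Placeholder path: change to wherever you keep audit evidence.
$unregistered | Export-Csv -Path '.\mfa-unregistered-users.csv' -NoTypeInformation

Disconnect-MgGraph | Out-Null
```

Service principals and managed identities do not appear in this report, so automation accounts that sign in as users should be reviewed separately.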