All Azure log-ins will soon require MFA authentication. Here's what you need to know

Microsoft has been tightening its belts

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Microsoft will make MFA mandatory for all Azure sign-ins starting in late 2024.
  • The rollout will occur in two phases, beginning with the Azure portal in October 2024
  • This is part of Microsoft’s broader $20 billion security investment after recent cyberattacks.
Azure login

It’s official. Microsoft has announced that multi-factor authentication (MFA) will become mandatory for all Azure sign-ins as part of its Secure Future Initiative to strengthen account security starting in the second half of 2024.

Microsoft recently announced that it will be rolling out mandatory MFA for Azure sign-ins in two phases. The first phase, starting in October 2024, will require MFA to access the Azure portal, Microsoft Entra admin center, and Intune admin center—worldwide.

In the second phase, beginning in early 2025, MFA will also be required for other Azure tools like Azure CLI, PowerShell, the Azure mobile app, and Infrastructure as Code (IaC) tools. This step-by-step approach allows organizations time to prepare for the changes while improving overall security.

Microsoft also says it will start sending a 60-day advance notice to all Entra global admins via email and Azure Service Health Notifications to inform them of upcoming enforcement actions and what steps they need to take.

This measure is part of Microsoft’s broader $20 billion investment in security to protect identities and reduce unauthorized access. The Redmond company was thrown into hot water after the SolarWinds attack and Chinese hackers’ exploit, so last year, the Secure Future Initiative was launched.

In short, SFI uses AI and automation to detect vulnerabilities faster and reduce the time needed to fix them, while also calling for international laws to protect cloud services from cyberattacks—so much so that Microsoft has reportedly told its employees in China to ditch Android for iPhones due to cybersecurity concerns and Android’s lack of Google services in the country.

User forum

0 messages