Microsoft Mandates MFA for All Azure Users

Microsoft recently announced that it is mandating multi-factor authentication (MFA) for all Azure sign-ins. The Azure MFA requirement is part of Microsoft’s Secure Future Initiative (SFI), which aims to ensure that Microsoft can respond more effectively to cyber threats.

Azure customers can select from the following MFA options:

  • Microsoft Authenticator

  • Passkeys (FIDO2 and/or Microsoft Authenticator)

  • Certificate-based authentication

  • External authentication methods

  • Temporary Access Pass (TAP)

  • OATH tokens (hardware and software)

  • SMS

  • Voice call

Enforcement of the MFA requirement at Azure sign-in will be rolled out in phases, as detailed on the Microsoft website:

Phase 1: Enforcement of MFA at sign-in for the Azure portal only started in July 2024 and will roll out gradually to all tenants. This phase will not impact any other Azure clients, such as Azure CLI, Azure PowerShell and IaC tools.

Phase 2: Starting in early 2025, enforcement for MFA at sign-in for Azure Command Line Interface (CLI), Azure PowerShell and Infrastructure as Code (IaC) tools will gradually roll out to all tenants.

Azure customers will need to implement the new MFA requirement on top of any existing access policies.

Microsoft have stated that they will consider extended timeframes for customers with complex environments or technical barriers.

Mandating multi-factor authentication (MFA) is a great step forward for Microsoft and is a measure that Romano Security Consulting would like to see all hosting and software providers mandating and all businesses implementing to ensure the security of their systems and data.

For advice and guidance on implementing MFA on your systems and applications, please contact us.
