Microsoft Enforces Multi-Factor Authentication (MFA) for All Azure Account Holders
Microsoft, the second-largest hyperscaler behind Amazon Web Services, has announced a significant shift in its security strategy. According to Synergy Research Group, the tech giant ended the second quarter with a 23% share of the cloud infrastructure services market. This move comes as part of Microsoft's Secure Future Initiative, aimed at overhauling its cybersecurity strategy by integrating key security features into its platforms and services.
The cornerstone of this initiative is the enforcement of multifactor authentication (MFA) on Microsoft's Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. This enforcement will be rolled out starting in 2024, with mandatory MFA requirements for all sign-in attempts to these services.
The enforcement of MFA follows a phased approach. Phase 1, starting in October 2024, will make MFA mandatory for accounts signing into the Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center to carry out any Create, Read, Update, or Delete (CRUD) actions. This applies worldwide and enforces MFA at the application sign-in level for these portals.
Phase 2, starting on September 15, 2025, will extend MFA enforcement to services and command-line tools such as Azure CLI, Azure PowerShell, the Azure mobile app, Infrastructure as Code (IaC) tools, and REST API endpoints used to create, update, or delete resources. Notably, read-only operations do not require MFA.
Organizations can enable security defaults in Microsoft Entra ID to require all users and administrators to register for and use MFA. This includes requiring admins with privileged roles to use MFA for every sign-in. The Microsoft Authenticator app is a commonly used supported MFA method, providing one-time codes and push notifications.
Administrators can also create conditional access policies in the Microsoft Entra admin center or Azure portal to enforce MFA on targeted users, groups, or applications. This allows more granular control over MFA enforcement. Policies can be configured to require MFA only under specific conditions or for certain roles or resources.
Through custom controls in Conditional Access, organizations can integrate third-party MFA solutions such as Duo Security. For example, Duo provides a "Duo MFA" custom control that can be added to Entra ID conditional access policies to require two-factor authentication during sign-in to Microsoft services including the Azure portal and Intune admin center.
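An added example (not Microsoft's code and not from the original article) of auditing the Conditional Access policies described above: it takes policies in the JSON shape of Microsoft Graph's conditionalAccessPolicy resource and reports which ones actually enforce MFA on the admin portals. The sample policies are constructed, and policies that use an authentication strength instead of the built-in mfa control are not evaluated.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects;
# display names and the group placeholder are made up for illustration.
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "Admins: MFA on admin portals", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["<break-glass-group-id>"]},
                 "applications": {"includeApplications": ["MicrosoftAdminPortals"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Pilot: MFA everywhere", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "MFA or compliant device", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["MicrosoftAdminPortals"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]""")

ADMIN_TARGETS = {"All", "MicrosoftAdminPortals"}  # app targets that cover the admin portals

def mfa_is_mandatory(policy):
    """True only if the grant cannot be satisfied without the built-in MFA control."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    extra = sum(len(grant.get(k) or []) for k in ("customAuthenticationFactors", "termsOfUse"))
    return "mfa" in controls and (grant.get("operator") == "AND" or len(controls) + extra == 1)

def audit(policies):
    """Return (enforcing, findings) for policies that target the admin portals."""
    enforcing, findings = [], []
    for p in policies:
        cond = p.get("conditions") or {}
        apps = set((cond.get("applications") or {}).get("includeApplications") or [])
        if not apps & ADMIN_TARGETS:
            continue
        name, users = p["displayName"], cond.get("users") or {}
        if not mfa_is_mandatory(p):
            findings.append((name, "grant controls do not make MFA mandatory"))
        elif p.get("state") != "enabled":
            findings.append((name, "not enforced (state=%s)" % p.get("state")))
        elif "All" not in (users.get("includeUsers") or []):
            findings.append((name, "does not include all users"))
        else:
            enforcing.append(name)
            for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
                if users.get(key):
                    findings.append((name, key + " set: review exclusions"))
    return enforcing, findings

print(audit(SAMPLE_POLICIES))
```

A report-only policy and an "MFA or compliant device" grant both look like MFA coverage in the portal list, which is why the audit separates them from the one policy that is enforced.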
Microsoft's MFA mandate is firm, but the company is being flexible with the types of MFA customers can use to meet the requirement. Customers can use Microsoft Authenticator, FIDO2 security keys, certificate-based authentication, passkeys, text message, or voice-based approval to enforce MFA through Microsoft Entra.
This move by Microsoft comes amidst a series of high-profile cyberattacks. The ransomware attack against Change Healthcare in February was attributed to a system without multifactor authentication, and a wave of attacks targeting more than 100 Snowflake customers was also linked to systems without MFA. In response to a critical report from the federal Cyber Safety Review Board, Microsoft CEO Nadella has made security the top priority.
In summary, MFA enforcement on the Azure portal, Entra admin center, and Intune admin center begins with mandatory MFA for interactive portal sign-ins for all users in late 2024 and expands to command-line and API usage by late 2025. This is part of Microsoft’s broader Secure Future Initiative to strengthen identity security and reduce account compromise risks.