Microsoft announced that multi-factor authentication (MFA) will be mandatory for Azure sign-in starting in the second half of 2024. This rollout will happen in phases, with the first phase requiring MFA for the Azure portal, Microsoft Entra admin center, and Intune admin center starting in October 2024. Phase 2, beginning in early 2025, will commence gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, the Azure mobile app, and Infrastructure as Code (IaC) tools.
This change is part of Microsoft's commitment to enhancing the security of its services, especially in light of the increasing frequency, sophistication, and damage caused by cyberattacks. MFA is one of the most effective security measures available, as it can block over 99.2% of account compromise attacks.
By making MFA mandatory for Azure, Microsoft is taking a significant step towards creating a more secure online environment for its customers. This move will not only help to better protect customer data and identities but will also help organizations comply with various security standards and regulations.
Microsoft will be providing a 60-day advance notice to all Entra global admins via email and Azure Service Health Notifications to inform them of the enforcement start date and actions required.
For customers who need additional time to prepare for mandatory Azure MFA, Microsoft will review extended timeframes for customers with complex environments or technical barriers.
External multi-factor authentication solutions and federated identity providers will continue to be supported and will meet the MFA requirement if they are configured to send an MFA claim.
This is a welcome change that will enhance the security of Azure for all users.