Microsoft Announces Mandatory Multi-Factor Authentication for Azure
Microsoft has made multi-factor authentication mandatory for all sign-ins to Azure, Entra, and Intune admin centers. Learn more about the decision and how it could benefit users going forward.
- Microsoft is making multi-factor authentication (MFA) mandatory for all Azure, Entra, and Intune sign-ins.
- The decision, a part of the Secure Future Initiative, aims to reduce phishing and hijacking attacks.
Microsoft is bolstering security measures by making multi-factor authentication (MFA) mandatory for accessing all Azure services. The new requirement will begin rolling out in October 2024 and apply to crucial administrator portals, including Azure, Microsoft Entra admin center, and Intune admin center.
Importance of MFA
MFA is a critical security feature that adds protection by requiring users to present two or more verification factors for account access. This notably reduces the risk of unauthorized access, which is essential as cyber-attacks become increasingly sophisticated. According to Microsoft’s research, MFA can block more than 99% of account-compromise attacks, making it vital for protecting against phishing and password-spraying attempts.
Implementation
Microsoft will enforce MFA in two phases:
- The first phase is set for October 15. The MFA requirement will initially apply only to the Azure portal, the Intune admin center, and the Entra admin center. Administrators must ensure all users accessing these portals are equipped with MFA before this date.
- The second phase is slated for early 2025. MFA enforcement will extend to other Azure tools, including Azure PowerShell, Azure Command Line Interface (CLI), and Infrastructure as Code (IaC).
Administrators will receive a 60-day notice before enforcement begins, allowing enough time for preparation. The notifications will likely be sent via email, Azure Service Health Notifications, and other official channels.
Microsoft Entra and Intune
Microsoft Entra is a product family that primarily includes identity and access management solutions such as Microsoft Entra ID (formerly Azure Active Directory). Entra includes tools for secure access management, such as access policies, identity governance, and MFA.
Microsoft Intune is a cloud-based service primarily focusing on mobile device management (MDM) and mobile application management (MAM). The service helps organizations control how devices such as tablets, mobile phones, and laptops are used. It also integrates with Azure AD to control access to organizational resources.
Preparation Measures
Organizations should start enabling MFA for relevant accounts to transition smoothly to the new requirements. This includes registering users with MFA methods such as SMS, authentication apps, hardware tokens, passkeys, or voice calls. Administrators should also review and update automation accounts, replacing user identities with service principals or managed identities.
Furthermore, Microsoft is offering an extension option until March 2025 for organizations with complex environments. However, early adoption is advisable because it shortens the period in which accounts remain protected by a password alone.
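The review described under Preparation Measures can be started from a sign-in log export. The Python below is an added example, not code from Microsoft or from this article: it lists user accounts that reached in-scope tools with only a single factor required and flags the ones that look like scripts running under a user identity. It assumes records carrying the Microsoft Graph sign-in fields userPrincipalName, appDisplayName, authenticationRequirement and isInteractive; the app display names, the phase mapping, the function name triage and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed appDisplayName values mapped to the enforcement phase that covers them;
# confirm the names in your own tenant's export and extend the mapping as needed.
PHASE_APPS = {"Azure Portal": 1, "Microsoft Azure CLI": 2, "Microsoft Azure PowerShell": 2}
MIGRATE = "replace with a service principal or managed identity"
REGISTER = "register an MFA method"

# Constructed sample records (not real tenant data) with a subset of the
# fields found in an Entra sign-in log JSON export.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Azure Portal",
     "authenticationRequirement": "multiFactorAuthentication", "isInteractive": True},
    {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Azure Portal",
     "authenticationRequirement": "singleFactorAuthentication", "isInteractive": True},
    {"userPrincipalName": "svc-deploy@contoso.example", "appDisplayName": "Microsoft Azure CLI",
     "authenticationRequirement": "singleFactorAuthentication", "isInteractive": False},
    {"userPrincipalName": "svc-deploy@contoso.example", "appDisplayName": "Microsoft Azure CLI",
     "authenticationRequirement": "singleFactorAuthentication", "isInteractive": False},
    {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Office 365 Exchange Online",
     "authenticationRequirement": "singleFactorAuthentication", "isInteractive": True},
]


def triage(signins):
    """Map each affected user to its earliest phase, sign-in count and next step."""
    # Phase starts at 2 (the latest) and is lowered when a phase-1 app is seen.
    stats = defaultdict(lambda: {"phase": 2, "single_factor": 0, "unattended": 0})
    for rec in signins:
        phase = PHASE_APPS.get(rec.get("appDisplayName"))
        # Skip apps outside the rollout and sign-ins where MFA was already required.
        if phase is None or rec.get("authenticationRequirement") != "singleFactorAuthentication":
            continue
        entry = stats[rec["userPrincipalName"]]
        entry["phase"] = min(entry["phase"], phase)
        entry["single_factor"] += 1
        # A user identity signing in non-interactively to CLI or PowerShell is
        # probably a script, which cannot answer an MFA prompt.
        if phase == 2 and not rec.get("isInteractive", True):
            entry["unattended"] += 1
    return {upn: {"phase": e["phase"], "single_factor": e["single_factor"],
                  "action": MIGRATE if e["unattended"] else REGISTER}
            for upn, e in stats.items()}


if __name__ == "__main__":
    print(triage(SAMPLE_SIGNINS))
```

Accounts that sign in both interactively and from scripts are reported with the migration action, since the unattended use is the part that breaks first under enforcement.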
Takeaways
Making MFA mandatory reflects Microsoft’s efforts to bolster security in response to rising cyber threats. Organizations using Azure should act swiftly to implement such changes to protect digital assets and maintain compliance with Microsoft’s improved security standards.
The Secure Future Initiative is part of Microsoft’s effort to align with zero-trust principles and secure identities across cloud services. The development highlights the importance of proactive security postures in compliance with HIPAA, PCI DSS, NIST, and GDPR.