Cloud Security

Microsoft Announces Mandatory MFA for Azure

Microsoft is implementing automatic enforcement of multi-factor authentication (MFA) for all Azure users starting October.

Microsoft Azure DDoS

Microsoft is stepping up its Azure account protection game with mandatory multi-factor authentication (MFA) that will be enforced on all Azure sign-ins starting October.

Mandatory Azure MFA, the tech giant says, is meant to improve the security of accounts across its services, and builds upon previously announced plans to enforce the protective measure across ID tenants within Microsoft.

Starting the second half of 2024, Microsoft will roll out required MFA for all Azure users, with notifications delivered to customers two months prior to the enforcement, to ensure they have time to prepare for it.

In October, mandatory MFA will be turned on for Azure portal, Microsoft Entra admin center, and Intune admin center, with the enforcement rolled out gradually to all tenants, worldwide.

“This phase will not impact other Azure clients such as Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code (IaC) tools,” Microsoft says.

In early 2025, the tech giant will start enforcing MFA for all sign-ins to Azure CLI, Azure PowerShell, Azure mobile app, and IaC tools.

Advertisement. Scroll to continue reading.

“Beginning today, Microsoft will send a 60-day advance notice to all Entra global admins by email and through Azure Service Health Notifications to notify the start date of enforcement and actions required. Additional notifications will be sent through the Azure portal, Entra admin center, and the M365 message center,” the company said on Friday.

Microsoft said it would review extended timeframes for customers with complex environments or technical barriers, which may require additional time to prepare for the change.

According to the tech giant, mandating MFA for Azure sign-ins is part of its commitment to improve the security of its users, as this will reduce the risk of account compromise and data breaches and will help customers comply with security standards and regulations.

MFA, Microsoft says, can block more than 99.2% of account compromise attacks, and organizations have numerous options to enable its use, including Microsoft Authenticator, FIDO2 security keys, certificate-based authentication using personal identity verification (PIV) and common access card (CAC), passkeys, and the less secure SMS or voice approvals.

Last year, the US cybersecurity agency CISA published guidance on how organizations can protect against phishing and other threats by implementing phishing-resistant MFA.

Related: Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA

Related: AWS Announces Authentication and Malware Protection Enhancements

Related: Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report

Related: Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

Related Content

Cybersecurity Funding

The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform.

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Identity & Access

Attendees will learn how attackers evade conventional detection methods, why legacy MFA alone is no longer sufficient, and how organizations can strengthen their defenses.

Cybersecurity Funding

The startup has built a security-first identity platform to protect humans, machines, and AI agents.

Cybersecurity Funding

Raising $59 million to date, Opal also announced five senior leadership appointments.

Artificial Intelligence

From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase.

Cybersecurity Funding

The company will accelerate product development, scale go-to-market efforts, and expand its global footprint.

Artificial Intelligence

Join the webcast as we explore what Agentic AI can and cannot solve today, and real world breach scenarios linked to disconnected applications.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version