Microsoft Azure will require mandatory MFA starting July

Administrators using Azure, the Microsoft cloud computing platform, will have to set up multi-factor authentication (MFA) with no exceptions.

According to Microsoft product manager Merill Fernando, Microsoft is introducing a new security requirement for users who administer Azure resources using Azure Portal, the command line interface, PowerShell, and Terraform.

Azure Portal is used to manage cloud infrastructure.

“Microsoft will require MFA for all Azure users,” Fernando's post on X reads.

“Beginning July 2024, a gradual rollout of the portal will commence. Once completed, a similar gradual rollout will start for CLI, PowerShell, Terraform.”

For now, students, guest users, and other end users are not impacted unless they sign into “administer.” The token-based accounts used for automation are also excluded.

All “Entra ID MFA methods” will be available. Entra ID supports the Microsoft Authenticator app, SMS, voice calls, and hardware tokens. Admins can also tune when MFA is required based on signals such as the user’s location, device, role, or risk level.

Fernando warned that there will be no opt-outs, and exceptions will be only possible for cases where no workarounds are available.

MFA is commonly required and one of the most effective security methods available. According to a report by Microsoft, 99.9% of compromised accounts did not use MFA, and MFA can block more than 99.2% of account compromise attacks.

“Establishing this security baseline at the tenant level puts in place additional security to protect your cloud investments and company,” Microsoft said in a blog post.

The company urges users not to wait to set up the MFA and provides tools for setting policies, monitoring, and communicating changes.

Microsoft plans to send detailed information and timelines through official emails and notifications with advanced notice to ensure customers are well-informed and prepared.