Discover how Microsoft’s Secure Future Initiative aims to boost cybersecurity with mandatory Azure MFA.
Are you ready for mandatory Azure MFA? Microsoft says that you must be.
With their Secure Future Initiative (SFI), Microsoft is committing to enhance cybersecurity over the next five years to protect identities and secrets by reducing the risk of unauthorized access to sensitive information. This initiative will begin by implementing mandatory multifactor authentication (MFA) for all users signing into the Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. This enforcement will extend to Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools beginning in early 2025.
All users with Create, Read, Update, or Delete roles will be required to use MFA when logging in. Organizations are encouraged to enable users for one or more MFA methods and update break glass or emergency access accounts to use passkey (FIDO2) or certificate-based authentication for MFA.
Organizations can request more time to prepare for enforcement, until October 15, 2024, if needed. Enforcement start date may be postponed until March 15, 2025.
- Scope of Enforcement:
- Applies to all users who sign into Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center.
- End users accessing applications, websites, or services hosted on Azure but not signing into the listed applications are not required to use MFA.
- Workload identities and service principals are not impacted by MFA enforcement.
- Break glass or emergency access accounts must sign in with MFA once enforcement begins.
- Enforcement Phases:
- Phase 1: Starting in October of 2024, MFA will be required for Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. Enforcement will roll out gradually to all Azure tenants worldwide.
- Phase 2: Beginning in March of 2025, MFA enforcement will gradually begin for Azure CLI, Azure PowerShell, Azure mobile app, and IaC tools.
- Notification Channels:
- Microsoft will send out advance notification to Entra global administrators via email, Azure Service Health Notifications, Entra Admin Center, and M365 Message Center to announce the start date of enforcement for each organization.
Contact your Keller Schroeder Select Account Manager to find out how our Infrastructure Solutions Group can assist you in preparing for this upcoming mandatory enforcement of MFA on your Azure tenant.
Written By:
Kris Linville
Director, Data Center Solutions
Infrastructure Solutions Group