Multi-factor authentication (MFA) will be set up by Microsoft for all Azure resource management operations in an effort to improve security across Azure systems beginning in October which is in order to protect Azure customers from unwanted access attempts.
This modification complies with industry best practices for identity protection and helps shield your company from unwanted access.
In order to secure their accounts from threats, users must enable MFA on Azure CLI, PowerShell, SDKs, and APIs. This change is a component of the company’s Secure Future Initiative (SFI) and will be rolling out gradually across tenants globally.
Users are also encouraged to update Azure PowerShell to version 14.3 or later and Azure CLI to version 2.76 or later in order to prevent compatibility problems.
The things needed in order to prepare for this are;
Make sure that every user carrying out Azure resource management operations is enrolled in MFA in order to confirm MFA readiness.
Use Azure Policy: Use an audit or enforcement mode built-in Azure Policy definition to determine the possible impact.
Upgrade Azure CLI or PowerShell Versions: Users in your tenant should use Azure PowerShell version 14.3 or later and Azure CLI version 2.76 or later for optimal compatibility.
The enforcement date might be moved to July 2026 for global administrators who require further time to comply.
The modification will take place on its own. Unless you need to hold back enforcement, no administrative action is necessary.
Microsoft stated on its website that starting from October 1, 2025, MFA enforcement will gradually begin for accounts that sign in to Azure CLI, Azure PowerShell, Azure mobile app, IaC tools, and REST API endpoints to perform any Create, Update, or Delete operation.
“All users and Azure tenants in the public cloud are subject to enforcement. In a Microsoft 365 Message Centre update, the business stated, “This includes automation and scripts using user identities (instead of application IDs).”
In order to prevent users from losing access to admin portals, Microsoft additionally advised Entra worldwide administrators in August 2024 to implement MFA for their tenants by October 15, 2024. This is the phase one stage.
Starting on October 1, 2025, phase 2 enforcement will be implemented gradually for all tenants. If further time is required to comply, customers may delay enforcement until July 2026.
This comes after announcements in May 2024 that MFA will be required for all users logging into Azure to manage resources and in November that Conditional Access policies would be implemented that required MFA for all administrators logging into Microsoft admin portals, for users on all cloud apps, and for high-risk sign-ins.
A Microsoft study found that even when hackers use stolen credentials to penetrate accounts, MFA helps lower the probability of compromise by 98.56% and that 99.99% of accounts with MFA are resistant to hacking efforts.
Unless you intend to postpone the enforcement, there is no need to take immediate action because this modification will be automatic. Take this as a reminder to begin getting ready so that your company stays safe and complies with the new rules and regulations.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
