Microsoft mandates MFA for all Azure users
Microsoft will require multifactor authentication (MFA) for all customers to sign-in to Azure portal, the Microsoft Entra and Intune admin centres starting in October, the company said in a blog post.
The company has begun sending 60-day notices to all Entra administrators impacted by the change. Microsoft said it will review requests from customers with complex environments or technical barriers for additional time to implement mandatory MFA.
Microsoft will phase in MFA at sign-in for Azure Command Line Interface, Azure PowerShell, Azure mobile app and infrastructure as code tools in early 2025, the company said.
The MFA mandate is part of Microsoft’s Secure Future Initiative, an effort the company started in November to overhaul its cybersecurity strategy by integrating key security features into its platforms and services.
Microsoft CEO Microsoft Nadella doubled down on the company’s commitment to advance cyber security protection in April, making security the top priority after a withering report from the federal Cyber Safety Review Board in the US criticised the company for prioritising speed to market over security.
MFA adoption in enterprises remains a sticking point and a key difference maker in potentially preventing catastrophic attacks.
Two of the most damaging cyberattacks this year – a February ransomware attack against Change Healthcare and a wave of attacks targeting more than 100 Snowflake customers – were attributed to systems without MFA.
Microsoft’s cloud platform Azure serves as the backbone for the infrastructure, compute and services it provides to customers. Microsoft, the second-largest hyperscaler behind Amazon Web Services, ended the second quarter with a 23% share of the cloud infrastructure services market, according to Synergy Research Group.
Microsoft’s MFA mandate on Azure is firm, but the company is being flexible with the types of MFA customers can use to meet the requirement.
Customers can use Microsoft Authenticator, FIDO2 security keys, certificate-based authentication, passkeys and text message or voice-based approval to enforce MFA through Microsoft Entra, the company said.
Subscribers 0
Fans 0
Followers 0
Followers