Microsoft will soon start enforcing Azure MFA logins

Cloud companies. Editorial only
(Image credit: Shutterstock)

Microsoft has confirmed it will start enforcing multi-factor authentication (MFA) for all Azure administrators within a matter of weeks.

In a blog post, Principal Product Manager for Microsoft Azure, Naj Shahid, outlined how the move would help address a number of customer concerns.

The rollout will start in July 2024, and will first be available to Azure admins. After that, similar rollouts will happen for CLI, PowerShell, and Terraform. Users will be notified beforehand via email.

Defending the premises

"Service principals, managed identities, workload identities, and similar token-based accounts used for automation are excluded," according to Shahid. "Microsoft is still gathering customer input for certain scenarios such as break-glass accounts and other special recovery processes." 

"Students, guest users and other end-users will only be affected if they are signing into Azure portal, CLI, PowerShell or Terraform to administer Azure resources. This enforcement policy does not extend to apps, websites or services hosted on Azure. The authentication policy for those will still be controlled by the app, website or service owners."

MFA adds a second authentication layer, besides the password, to high-value accounts. It generally comes in the form of a time-based code that is generated by a MFA tool, such as an authenticator app, or a physical token. 

These days, MFA is considered an industry standard in terms of cybersecurity and comes highly recommended for customers, as it successfully repels a vast majority of cyberattacks, and makes phishing for passwords extremely difficult.

Some phishing kits allow threat actors to steal multi-factor authentication codes, too, but the process is a lot more cumbersome, and hackers are a lot easier to oust, compared to accounts without MFA.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.