Starting in July, Microsoft will gradually enforce multi-factor authentication (MFA) for all users accessing Azure to manage resources. Initially, this rollout will target the Azure portal, followed by similar enforcement for CLI, PowerShell, and Terraform access. The company plans to provide additional information through email and official notifications before implementing MFA enforcement.
Service principals, managed identities, and workload identities used for automation are excluded from the MFA enforcement. Microsoft continues to gather input for special scenarios such as break-glass accounts. End users, including students and guest users, will only be affected if they access Azure resources through specific channels like the Azure portal, CLI, PowerShell, or Terraform.
Microsoft advises administrators to enable MFA in their tenants before the rollout using the MFA wizard for Microsoft Entra. They can also monitor MFA registration status across users using authentication methods registration reports and PowerShell scripts. Microsoft’s analysis of Azure Active Directory users reveals that MFA significantly enhances security: over 99.99% of MFA-enabled accounts resist hacking attempts, and MFA reduces the risk of compromise by 98.56%.
This initiative aligns with Microsoft’s broader goal of achieving 100% MFA adoption, reflecting its commitment to strengthening authentication standards across its services. The move comes in the wake of previous announcements regarding the implementation of Conditional Access policies requiring MFA for all admins and high-risk sign-ins. Additionally, GitHub, owned by Microsoft, has mandated two-factor authentication (2FA) for all active developers starting January 2024, further emphasizing the importance of robust authentication practices.