Microsoft has required the implementation of multi-factor authentication for all sign-ins to the Azure portal and Entra and Intune admin centers by Oct. 15 as part of its Secure Future Initiative, which seeks to ensure the protection of accounts against increasingly common phishing and hijacking attacks, reports BleepingComputer.
While admins could defer MFA enforcement until April 2025 as long as they request to do so between Aug. 15 and Oct. 15, Microsoft warned that such postponement would open admin portals to increased cybersecurity risks. Mandatory MFA would also be enforced by Microsoft for Azure sign-ins for Azure CLI, PowerShell, Infrastructure as Code tools, and mobile app by early next year. Such a development comes months after a Microsoft study detailed the optimal security protection provided by MFA. "Our goal is 100 percent multi-factor authentication. Given that formal studies show multi-factor authentication reduces the risk of account takeover by over 99 percent, every user who authenticates should do so with modern strong authentication," noted Microsoft Vice President for Identity Security Alex Weinert.
