Microsoft have announced they’re tightening identity protection and data security by making multi-factor authentication (MFA) mandatory for all Azure users. We explain the reasons, implications, and what actions users need to take.
Microsoft’s recent mandate requiring MFA for all Azure users is a significant step forward in the continual drive for greater cloud security.
The policy change is designed to further safeguard the vast volumes of sensitive data hosted on the Azure platform.
More broadly, it’s part of Microsoft’s initiatives to increase identity and data security across its entire estate in the face of increasingly sophisticated threats and an all-time high in criminal and nation state cyber activity.
What this means for Azure users
Applying MFA across the board will, in time, have an impact on the way users sign into their Azure accounts, be that via the Azure portal, Command-Line Interface (CLI), or PowerShell.
However, mindful of overly disrupting its users, the roll-out will be a phased approach through 2024 and early 2025, as follows:
- Phase 1 (from July 2024): Gradual roll-out to tenants of MFA enforcement at sign-in for Azure portal only. Other Azure clients, such as Azure CLI, Azure PowerShell and IaC tools won’t be affected.
- Phase 2 (Early 2025 – date to be announced): Gradual roll-out of MFA enforcement to all tenants for Azure CLI, PowerShell, and IaC tools.
Notifications will be sent to global administrators 60 days before the enforcement date, with periodic reminders sent out up the day of the change.
Strategic impact and proactive implementation
Microsoft have confirmed that there will be scope for a grace period for those with more complex environments. However, it’s crucial to understand that MFA will become mandatory for all users performing administrative tasks within the Azure environment.
This includes actions such as creating, reading, updating, and deleting (CRUD) resources.
The policy change aligns with Microsoft’s Secure Future Initiative and a commitment to improve cloud security standards across its user base. It also reinforces the importance MFA has in enabling Zero Trust principles by improving breach mitigation, safeguarding data integrity, and driving greater trust in cloud computing.
Therefore, to avoid disruptions and ensure seamless compliance, users are encouraged to activate MFA as soon as possible.
Free Guide
The Complete Guide to Microsoft Entra [New for 2024]
The most comprehensive guide to Microsoft Entra. Over 40 pages. Plus, Microsoft licensing simplified.
Discover how you can:
- Cut costs by removing 50% management effort
- Elevate security – reduce breach chances by 45%
- Automate provisioning to ensure compliance
What actions will you need to take?
We recommend Azure users transition to MFA using Microsoft Entra ID, which supports a variety of authentication methods.
Such as:
- Microsoft Authenticator app: Offers verification through a simple approval notification sent to your mobile device.
- SMS and voice calls: Send a verification code to your mobile device as an additional layer of security.
- Hardware tokens: Physical devices that generate a security code and can be used as part of the authentication process.
Beyond these methods, Entra ID allows administrators to configure conditional access policies.
These policies can tailor the MFA requirements based on specific scenarios, such as user location, device compliance status, or the sensitivity of the accessed data. Enhancing the flexibility and security of Azure environments.
To ensure a smooth transition to MFA, consider the following steps:
- Identify Impacted Users: Use PowerShell commands and the Multifactor Authentication Gaps workbook to identify users who need to transition to MFA.
- Set Up MFA: Implement MFA for all relevant user accounts using the MFA wizard available in Microsoft Entra.
- Migrate Automation Accounts: Transition user identities used in automation to managed identities or service principals.
- Review Break Glass Accounts: Update break glass or “emergency access” accounts to use FIDO2 or certificate-based authentication, both of which will satisfy the MFA requirement.
Why MFA is critical for your security posture
The prevalence of weak passwords remains a significant security risk.
Even with complex passwords, cyber criminals have developed sophisticated methods to breach accounts. Implementing MFA offers a powerful method of protection and significantly reduces the likelihood of unauthorised access.
In fact, given the advanced nature of modern cyber threats, MFA really is no longer a recommendation but a necessity. This is the motivation behind Microsoft’s revised policy to ensure that only authenticated users can access critical resources.
While we appreciate that this might cause some additional work for organisations, this move is for long-term safeguarding of your organisation’s cloud environment.
If you’d like more information or to discuss how to get MFA implemented across your estate, please contact the team today.
Key takeaways
Microsoft has made MFA mandatory for all Azure users to enhance cloud security.
The roll-out will be phased, starting in July 2024, with full enforcement by early 2025.
Administrators should begin activating MFA now to ensure seamless compliance and avoid disruptions.
Users can implement MFA through Microsoft Entra ID, via methods including the Microsoft Authenticator app, SMS, and hardware tokens.
A clear pathway
Book your Entra ID Discovery & Roadmapping Workshop
Understand how to achieve more efficient, secure, and cost-effective identity and access management.
This is your opportunity to:
- Understand the gaps and challenges costing your organisation time and money.
- Gain a strategy that aligns identity management with your long-term business goals.
- Design an affordable solution that mitigates security risks and improves user experiences.
Next steps
Like this guide? Then don’t forget to share it with your followers.
Great emails start here
Sign up for free resources and exclusive invites
Subscribe to the Kocho mailing list if you want:
- Demos of the latest Microsoft tech
- Invites to exclusive events and webinars
- Resources that make your job easier
Got a question? Need more information?
Our expert team is here to help.