Microsoft makes MFA mandatory for Azure sign-ins

In response to the escalating threat of cyberattacks, Microsoft has made multi-factor authentication (MFA) mandatory for Azure sign-ins. Through its Secure Future Initiative, the company says it is focused on safeguarding digital identities and secrets, aiming to thwart unauthorized access to resources even when credentials have been compromised.
For businesses utilizing Microsoft Entra, Microsoft offers various options to enable MFA for users. These include Microsoft Authenticator, which facilitates sign-in approvals through biometrics or one-time passcodes; FIDO2 security keys; certificate-based authentication; passkeys; and SMS or voice approval.
According to Microsoft, the critical signing and platform keys will be protected using hardware security modules and confidential computing. These measures include automatically rotating the keys to prevent unauthorized access. Additionally, the company will enforce MFA methods that are resilient against phishing attacks to protect user accounts.
These mandatory security measures are designed to help businesses comply with various industry standards and regulations, such as the General Data Protection Regulation (GDPR) and the National Institute of Standards and Technology (NIST).
Microsoft’s internal survey revealed that multi-factor authentication can block over 99.2 percent of account compromise attacks. The company initially deployed MFA across its Entra ID tenants, including development, testing, demo, and production environments, with plans to extend this to all Azure customers.
MFA will be implemented in phases for Azure users. The initial phase, which begins in October 2024, will make MFA mandatory for accessing key administrative portals such as Azure Portal, Entra Admin Center, and Intune Admin Center.
The second phase will then extend MFA requirements to additional Azure clients and tools, including Azure CLI and Azure PowerShell. Microsoft states that customers with complex environments will be given additional time to comply with the MFA requirements.
Earlier this week, Microsoft announced the general availability of its Face Check selfie biometrics as part of Entra Verified ID.