Microsoft issued a statement that it will enforce multi-factor authentication (MFA) functionality starting in October to help reduce the possibility of account hacking. Microsoft says MFA can prevent more than 99.2% of these account compromise attacks, so the measure is mandatory.
It is reported that this process will be implemented gradually in two stages, which are summarized as follows:
Phase 1: Starting in October, MFA will be required to log in to the Azure portal, the Microsoft Entra admin center, and the Intune admin center, but will not affect other Azure clients.
Phase 2: Starting in early 2025, MFA requirements will be gradually extended to other Azure clients, such as the Azure CLI, Azure PowerShell, Azure Mobile Apps, and Infrastructure as Code (IaC) tools.
To ensure customers are prepared, Microsoft will send Entra global administrators 60 days’ advance notice via email and Azure Service Health notifications to let them know what they need to do, and Microsoft has said it is willing to extend licensing time for organizations with difficult conditions or technical barriers.