Microsoft: Roadmap for multi-factor authentication in Azure specified
Until now, it was only clear that Microsoft wanted to switch all Azure accounts to multi-factor authentication. Now there is a concrete timetable.
Back in June, it was announced that Microsoft was planning to switch to mandatory access protection with multi-factor authentication (MFA) for Azure accounts. The changeover was due to begin in July. The company is now specifying the timetable.
In a blog post, Microsoft explains that one of the pillars of the company's "Secure Future Initiative" (SFI) is the protection of identities and secrets. "Ensuring that Azure accounts are protected with securely managed multi-factor authentication is one of our key missions," Microsoft explains. "As recent Microsoft research shows, MFA can block more than 99.2 percent of account compromise attacks, making it one of the most effective security measures available," the authors add.
MFA: Expansion of affected accounts
The May announcement was said to have affected only a limited group of more than one million Microsoft Entra ID tenants, including tenants for development, testing and demos as well as production. Microsoft is now planning to extend this "best practice" to all customers. This will also help organizations comply with guidelines such as PCI-DSS, HIPAA, GDPR and NIST.
Instead of the gradual start for all customers from July that was originally announced, Microsoft now has a concrete timetable. Phase one will start in October and will require MFA to log in to the Azure Portal, the Microsoft Entra ID Admin Center and the Intune Admin Center. Enforcement will be rolled out gradually, in several steps, for all tenants worldwide. Phase two will follow early in 2025 and will then affect Azure CLI, Azure PowerShell, the Azure Mobile App and Infrastructure-as-Code (IaC) tools.
Since Thursday last week, Microsoft has been sending out advance notifications with a 60-day notice period to all global Entra admins, by email and via the Azure Service Health Notifications. The notifications also contain instructions on what actions to take. Notifications will also be sent via the Azure Portal, Entra Admin Center and M365 Message Center. Good news for already busy admins: Microsoft wants to consider extended timeframes for those who need more time for the enforced Azure MFA transition because they have more complex environments or technical hurdles.
(dmk)