Azure to Enforce MFA for All Resource Management Operations

As cyberattacks grow in frequency, sophistication, and impact, Microsoft is doubling down on its commitment to protect customers. Backed by research, Microsoft highlights that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the single most effective measures to protect user accounts.

In August 2024, Microsoft announced a phased rollout of mandatory MFA enforcement for Azure Public Cloud sign-ins.

• Phase 1 targeted Azure Portal, Microsoft Entra admin center, and Intune admin center sign-ins. By March 2025, enforcement was live for 100% of Azure tenants.
• Phase 2, starting October 1, 2025, extends mandatory MFA to Azure Resource Manager operations, covering all clients such as Azure CLI, PowerShell, SDKs, REST APIs, and Infrastructure as Code (IaC) tools.

As Microsoft explains, “By enforcing MFA for Azure sign-ins, we aim to provide you with the best protection against cyber threats as part of Microsoft’s commitment to enhance security for all customers, taking one step closer to a more secure future.”

Beginning October 1, 2025, users must authenticate with MFA before performing any resource management operations. Workload identities, including managed identities and service principals, remain unaffected.

Microsoft has begun notifying Microsoft Entra Global Administrators by email and via Azure Service Health alerts.

Microsoft recommends organizations take immediate steps to prepare for the rollout:

1. Enable MFA for all users
   Ensure all users who perform Azure resource management actions are MFA-enabled before October 1, 2025.
2. Understand potential impact with Azure Policy
   Assign built-in Azure Policy definitions to block or audit operations by non-MFA authenticated users, testing enforcement in advance.
3. Update Azure clients
   Use Azure CLI v2.76 and Azure PowerShell v14.3 (or later) for full compatibility.
4. Plan for flexibility
   If needed, Global Administrators can postpone enforcement temporarily via the Azure Portal.

Related Posts:

• Microsoft Access 2016/2019 Is Nearing End-of-Life
• Microsoft Gives U.S. University Students Free Microsoft 365 Personal

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy