Microsoft has announced all Azure sign-ins will soon have to use multi-factor authentication (MFA) to enhance account security.
The authentication methods offered by the Azure platform include mobile app push notifications, biometrics, one-time passcodes or passkeys using Microsoft Authenticator.
FIDO2 security keys, certificate based authentication, and SMS or voice approval authentication methods are also available.
Azure authentication
The rollout of Azure MFA will occur in two phases. The first phase will require MFA to be used to sign in to the Azure portal, Microsoft Entra admin center, and the Intune admin center, with all Entra global admins receiving a 60-day notice by email and Azure Service Health Notifications. Phase 1 will begin in October 2024.
Phase 2 is expected to start in early 2025, which will require all sign-ins on Azure CLI, Azure Powershell, Azure mobile app, and Infrastructure as Code (IaC) tools. If your organization already has an MFA sign-in policy such as Microsoft defaults or a Conditional Access policy that utilizes MFA, users will not see any change to their log in.
The rollout is part of Microsoft’s Secure Future Initiative (SFI), with part of this program aimed at providing additional phishing resistance through MFA to all user accounts. Last year, China-based state-sponsored hackers managed to hack into a number of email accounts belonging to US government officials.
“Our goal is to deliver a low-friction experience for legitimate customers while ensuring robust security measures are in place. We encourage all customers to begin planning for compliance as soon as possible to avoid any business interruptions,” Microsoft said in a statement.
Via InfosecurityMagazine.
More from TechRadar Pro
- These are the best password managers
- A bank wire transfer scam cost this company millions — here's how you can stay safe
- Take a look at the best antivirus options around today
