Microsoft Azure requires MFA since October 15, 2024 – postponement possible

Microsoft wants administrators to use multi-factor authentication (MFA) to log in to Azure from October 15, 2024, although a delay of up to 5 months is possible.



Nico had pointed this out to me, but October 15, 2024 has already passed. Microsoft has required all admins in Azure to authenticate via MFA since October 15, 2024. This is stated in the M365 Admin Message Center. In the settings, you can postpone the mandatory introduction to March 25, 2025 if you wish.

What confuses Nico in this context: in the Message Center it says "Microsoft […] requires administrators to use MFA when signing in […]". In Azure itself, the text reads "[MFA] … is required for all users ….".
Question to the readership: Have you all switched to MFA or postponed it until March 2025? And does the MFA login only apply to administrators, or to all users? As far as I know, MFA is mandatory for administrators.

 



One Response to Microsoft Azure requires MFA since October 15, 2024 – postponement possible

  1. Alex says:

    How it reads needs to be given context. Yes, this requirement is only for administrators. They are targeting users with an Administrative Role like Global Administrators, Exchange Administrators, SharePoint Administrators, etc.
    As for the way it reads when you log in to Azure, "All users will require…", what they mean is all users logging into this portal (the Azure Portal) in that case. And since you should be an admin if you're logging in there, then you can see the context of how this applies to you.
    We did not push off until March 2025; we instead work hard to keep informed about what is coming down the pipe, and no, we are not a huge team that can afford the man-hours, but I still find this valuable. We knew this was coming one or maybe two years ago, so we were not blindsided. One thing you can do is use Conditional Access to require your MFA from an outside provider (if you have one) like Okta, RSA, Duo, etc. This way you always control the MFA policy while adhering to your corporate standards instead of trying to play catch-up to Microsoft. To do this of course requires the correct licensing (Entra ID Premium P1 or P2) just for your admins, not all users. But the amount of man-hours saved scrambling helps justify the cost to maintain consistent control.
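
To illustrate the Conditional Access approach mentioned in the comment above, here is an added example (not part of the post or of Alex's comment) of a policy body for the Microsoft Graph `conditionalAccessPolicy` resource that requires MFA only for holders of admin roles. The three `includeRoles` values are the role template IDs for Global Administrator, Exchange Administrator and SharePoint Administrator, in that order; the display name is made up, and the policy uses the built-in `mfa` grant control, since wiring in an external provider such as Okta or Duo is tenant-specific and not shown.

```json
{
  "displayName": "Example: require MFA for admin roles (report-only)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "clientAppTypes": ["all"],
    "applications": {
      "includeApplications": ["All"]
    },
    "users": {
      "includeRoles": [
        "62e90394-69f5-4237-9190-012177145e10",
        "29232cdf-9323-42fd-ade2-1d097af3e4de",
        "f28a1f50-f6e7-4571-818b-6a12f2af6b6c"
      ]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

In the report-only state the policy only records in the sign-in logs what it would have done, so admin sign-ins that would fail the MFA requirement can be reviewed before `state` is set to `enabled`.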
