Every Azure User Now Must Use MFA According To Microsoft

If you’re using Azure, Microsoft has just announced an important change: every user will need to use Multi-Factor Authentication (MFA) to sign in.[1]

MFA helps keep your accounts secure by adding layers of protection, making it much harder for unauthorized users to gain access. 

Here’s why this change is happening, how it will be rolled out, and the next steps you need to take to get ready.

Microsoft Vows To Bolster Its Security Protocols

According to Microsoft, all users will need to use MFA to log into Azure. The MFA requirement at Azure will be rolled out in these phases:

Phase 1: Starting in July 2024, MFA will be required for logging into the Azure portal. This change will happen gradually and won’t affect other Azure tools like Azure CLI, Azure PowerShell, or Infrastructure as Code (IaC) tools.

Phase 2: Beginning in early 2025, MFA will also be required for using Azure CLI, Azure PowerShell, and IaC tools. This will be rolled out gradually as well.

Microsoft will let global admins know when MFA enforcement will start for their accounts through email and Azure Service Health Notifications, 60 days in advance. The countdown to when MFA is required will begin only after this initial notification. They will also send regular reminders to global admins between the first notification and the start of enforcement.
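
To see which accounts each phase would affect, the added example below (not Microsoft's code or part of the original article) scans exported sign-in records for successful single-factor sign-ins to the tools named above. Field names follow the Microsoft Graph signIn resource; the mapping of app display names to phases and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: appDisplayName values for the tools named in each phase.
PHASE_APPS = {
    "Azure Portal": "Phase 1",
    "Microsoft Azure CLI": "Phase 2",
    "Microsoft Azure PowerShell": "Phase 2",
}
SF, MF = "singleFactorAuthentication", "multiFactorAuthentication"

def rec(upn, app, requirement, error_code=0):
    """Build one constructed record shaped like a Graph signIn entry."""
    return {"userPrincipalName": upn, "appDisplayName": app,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code}}

# Constructed sample data, not real tenant logs.
SAMPLE_SIGNINS = [
    rec("Alice@example.com", "Azure Portal", SF),
    rec("alice@example.com", "Azure Portal", MF),
    rec("bob@example.com", "Azure Portal", MF),
    rec("bob@example.com", "Microsoft Azure CLI", SF),
    rec("carol@example.com", "Azure Portal", SF, error_code=50126),  # failed
    rec("dave@example.com", "Office 365 Exchange Online", SF),  # out of scope
    rec("svc-deploy@example.com", "Microsoft Azure PowerShell", SF),
]

def mfa_gaps(signins):
    """Return {phase: {user: [apps]}} for successful sign-ins made without MFA."""
    gaps = defaultdict(lambda: defaultdict(set))
    for s in signins:
        app = s.get("appDisplayName")
        phase = PHASE_APPS.get(app)
        if phase is None:
            continue  # app is not covered by either phase
        if s.get("status", {}).get("errorCode") != 0:
            continue  # failed sign-in, nothing was accessed
        if s.get("authenticationRequirement") != SF:
            continue  # MFA was already required for this sign-in
        upn = s.get("userPrincipalName", "").lower()  # merge case variants
        gaps[phase][upn].add(app)
    return {phase: {u: sorted(a) for u, a in sorted(users.items())}
            for phase, users in sorted(gaps.items())}

if __name__ == "__main__":
    for phase, users in mfa_gaps(SAMPLE_SIGNINS).items():
        for upn, apps in users.items():
            print(f"{phase}: {upn} signed in without MFA to {', '.join(apps)}")
```

Accounts listed under Phase 2 are often scripts or pipelines that run under a user identity, so they are worth reviewing before enforcement reaches the command-line tools.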

How MFA Works

MFA is a simple but powerful way to add extra protection to your accounts. By requiring more than just a password to log in, it helps ensure that only you can access your accounts.

This means you have two or more ways to prove it’s really you.

How Does It Work?

  1. First Step: Your Password: When you log in, you’ll start with your usual password. This is your first layer of security.
  2. Second Step: A Verification Code: After entering your password, MFA will ask for a second piece of proof. This is usually a code sent to your phone or email, or it could be generated by an app on your phone. This is your second layer of security.
  3. Third Step (Optional): Something Unique About You: Some MFA systems might ask for a third form of verification. This could be a fingerprint scan or facial recognition.

MFA makes your account much harder for someone to break into. Even if someone guesses or steals your password, they still need a second form of identification to access your account. This extra step helps protect your personal information and keeps your accounts safer from hackers.

Microsoft MFA Requirements

1. Microsoft Authenticator

Microsoft Authenticator lets you use your phone for passwordless sign-in. If you’re already using the Authenticator app for multi-factor authentication, you can also use it for logging in without a password.

The app turns your iOS or Android phone into a secure login method. To sign in, you’ll receive a notification on your phone, match a number displayed on the screen with the one on your phone, and then confirm with your fingerprint, face, or PIN. For details on setting it up, check out how to download and install the Microsoft Authenticator.

Passwordless login with Microsoft Authenticator works similarly to Windows Hello for Business, but it needs Microsoft Entra ID to recognize the version of the app you’re using.

2. FIDO2 Security Keys

The FIDO (Fast IDentity Online) Alliance works to create new authentication standards that cut down on password use. With FIDO2, the latest standard, you can sign in using either a physical security key or a built-in device key—no password needed.

FIDO2 security keys are a secure, password-free choice and come in USB, Bluetooth, or NFC form factors. They use the WebAuthn standard and can be saved in Authenticator apps or on your mobile devices, tablets, and computers.

You can use these keys to sign in to Microsoft Entra ID or Windows 10 devices, giving you single sign-on for both cloud and on-premises resources. They’re perfect if you need strong security or if you and your team prefer not to use phones for authentication.

3. Certificate-based Authentication

Microsoft Entra certificate-based authentication (CBA) lets you use X.509 certificates to log in directly with Microsoft Entra ID for apps and browsers. With CBA, you get phishing-resistant sign-in using your Public Key Infrastructure (PKI) certificates. Your on-premises passwords won’t be stored in the cloud.

CBA also works with Microsoft Entra Conditional Access policies to protect your accounts. This includes phishing-resistant MFA (if you have the licensed edition) and blocking outdated authentication methods.

Don’t Delay: Configure MFA Today

Microsoft suggests setting up MFA right away to protect your cloud resources. You can keep your users and data safe by using the MFA wizard in Microsoft Entra and checking out the MFA deployment guide for more details. 

By configuring MFA today, you protect your accounts with an additional layer of security, safeguard your information against cyber threats, and comply with industry standards. The setup process is usually quick and easy, and the peace of mind it provides is well worth the effort.

FAQ

Is Microsoft Forcing MFA In 2024?

Yes, Microsoft is requiring all Azure users to use Multi-Factor Authentication (MFA) starting in the second half of 2024. This change is meant to improve security by adding an extra verification step when logging in. It helps protect your account by making it harder for unauthorized users to access it.

How To Enable MFA For All Users In Azure?

To enable MFA for all users in Azure, go to the Microsoft Security MFA page. From there, follow the setup instructions to require MFA for your users. This will help add an extra layer of security to your accounts.

Does Microsoft 365 Require MFA?

Yes, Microsoft 365 requires MFA for added security. You’ll need to use authenticator-style apps as your MFA method. These apps provide an extra layer of protection by generating codes or notifications for sign-in.

Why Is MFA Mandatory?

The Cybersecurity Insider podcast guest, Seth Melendez, compares it to taking a necessary medicine—it might be a bit of a hassle, but it’s essential to protect your accounts. The 2Secure team strongly recommends using MFA to keep your information safe from unauthorized access.

Source:

  1. Microsoft will require MFA for all Azure users. (n.d.). TECHCOMMUNITY.MICROSOFT.COM. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391