Microsoft has made a significant change Azure, making multi-💟factor authentication (MFA) mandatory for all Azure s🐼ign-ins.

Microsoft has been working to improve its security after a series of embarrassing incidents. The company’s latest effort is aimed at helping organizations secure their Azure instances by making MFA mandatory for all sign-ins.

The company explained in .

As cyberattacks become increasingly f🥀requent, sophisticated, and damaging, safeguarding your digital assets has never been more critical. As part of Microsoft’s $20 billion dollar investment in security over the next five years and our commitment to enhancin🍸g security in our services in 2024, we are introducing mandatory multifactor authentication (MFA) for all Azure sign-ins.

Microsoft says MFA cuts𒊎 down on more than 99% of account compromise attacks.

Ensuring Azure accounts are protected with securely managed, phishing-resistant multifactor authentication is a key action we are taking. As recent research by Microsoft shows that multifactor authentication (MFA) can block more than 99.2% of account compromis🦩e attacks, making it one of the most effective security measures available, today’s announceജment brings us all one step closer toward a more secure future.

The company says the mandatory ༺MFA🌃 rollout will occur in two phases, beginning in the second half of 2024.

• Phase 1: Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually roll out to all tenants worldwide. This phase will not impact other Azure clients such as Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code (IaC) tools.
• Phase 2: Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will commence.

Microsoft has already begun sending out notices, a💫nd leaves open the door to working with companies tha𒁃t need more time.

Beginning today, Microsoft will send a 60-day advance notice to all Entra global ad💫mins by email and through Az🌟ure Service Health Notifications to notify the start date of enforcement and actions required. Additional notifications will be sent through the Azure portal, Entra admin center, and the M365 message center.

For customers who need additional time to pr𒆙epare for mandatory Azure MFA, Microsoft will review extendﷺed timeframes for customers with complex environments or technical barriers.

The move to mandatory MFA is further indication that Microsoft’s shift to a security-first approach appears to be working.