Experts Inside Blog

MFA Enforcement for Microsoft Azure, Entra, and Intune Portals

Geschrieben von Viktor Grzebyk | Sep 9, 2024 7:31:53 AM

Phase 1: MFA Enforcement for Azure, Entra, and Intune Portals

Effective Date: On or After October 15, 2024

To enhance security, Microsoft will require administrators to use Multi-Factor Authentication (MFA) when signing into the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. This requirement will also extend to any services accessed through the Intune admin center, such as Windows 365 Cloud PC.

To benefit from the additional layer of protection provided by MFA, we recommend enabling MFA as soon as possible. For more details, refer to Planning for Mandatory Multifactor Authentication for Azure and Admin Portals.

How This Will Affect Your Organization:

  • MFA Requirement: Administrators will need to have MFA enabled for your tenant to sign in to the Azure portal, Microsoft Entra admin center, and Intune admin center after this change takes effect.

What You Need to Do to Prepare:

  1. Set Up MFA: Ensure MFA is enabled for your organization before October 15, 2024, to guarantee uninterrupted access for your administrators.
  2. Request for Postponement: If you cannot set up MFA by this date, you may apply to postpone the enforcement until March 15, 2025.
  3. Post-Enforcement Registration: If MFA is not set up before the enforcement date, administrators will be prompted to register for MFA during their next sign-in to the Azure portal, Microsoft Entra admin center, or Intune admin center.

MFA Options for Emergency Access Accounts:

For "Break Glass" or emergency access accounts, Microsoft recommends:

  • Primary Option: FIDO2 security keys.
  • Alternative Options: Certificates or hardware/software-based One-Time Passwords (OTPs).

Phase 1: MFA Enforcement for Azure portal, Azure CLI, Azure PowerShell

Effective Date: Starting in early 2025

MFA Requirements for Automation Accounts:

For service accounts used in automation (e.g., scripts, APIs):

  • These accounts will also require MFA once enforcement begins.
  • We recommend migrating to managed identities or service principals to comply with the new requirements.

Need More Information or Assistance?

If you have questions or need further guidance, feel free to reach out to our team.
Vollständigen Beitrag anzeigen