Starting October 15, Multi-Factor Authentication (MFA) will be mandatory for administrators of Azure portal, Microsoft Entra ID, and Intune environments. Otherwise, they will no longer be able to access their management environments, Microsoft warns.
Microsoft has been running its Secure Future Initiative (SFI) to more tightly secure Azure accounts against phishing and hijacking. To this end, the tech giant requires users to enable standard MFA for all Azure login attempts.
The company announced that starting October 15, users must enable MFA for logging into the Azure portal, Microsoft Entra and Intune admin centers. Only then, users of these services will be able to perform Create, Read, Update, or Delete (CRUD) actions within the respective portals again.
Also, MFA will soon be required for all end users wishing to access various services through the Intune admin environment, such as Windows 365 Cloud PC. The tech giant calls on administrators to turn on MFA to ensure accounts are not unnecessarily at risk.
Deadline April 15, 2025
The MFA activation requirement will be rolled out to all users shortly. Also, Microsoft has sent users 60-day alerts via email. Azure Service Health Notifications have also been sent out as reminders.
Administrators who need more time to prepare for the MFA requirements can still delay the final rollout between August 15 and October 15 of this year until April 15, 2025.
Users won’t escape MFA and 2FA
The MFA implementation for Azure portal, Entra, and Intune environments comes as no surprise. In May this year, Microsoft announced all users must use MFA to log into Azure to manage resources.
Last November, the tech giant made Conditional Access policies mandatory for logging into various Microsoft management portals, such as Entra, Microsoft 365, Exchange and Azure. This also applied to users of all cloud apps and other high-risk login activities.
Microsoft-owned GitHub also began requiring Two-Factor (2FA) authentication last January to further encourage secure logins.
Also read: API endpoint of 2FA app Authy abused to obtain millions of phone numbers