Microsoft has announced that they will be implementing multi-factor authentication (MFA) for all Azure administrators in the coming weeks. This move is aimed at addressing customer concerns and enhancing security measures within the Azure platform.
The rollout of MFA will begin in July 2024, starting with Azure administrators. Subsequently, similar implementations will be introduced for CLI, PowerShell, and Terraform users. Notifications will be sent to users via email in advance of the implementation.
According to Microsoft Azure senior product director Naj Shahid, certain accounts such as service principals, managed identities, and workload identities used for automation will be excluded from the MFA requirement. Microsoft is also collecting feedback from customers regarding emergency accounts and special recovery processes.
MFA adds an additional layer of security to accounts by requiring a second form of authentication, such as a time-based code from an authenticator application or a physical token. This extra step is crucial in preventing cyber attacks and making password phishing more difficult.
While some phishing kits may allow threat actors to steal MFA codes, the process is much more challenging and hackers are easily detected and removed compared to accounts without MFA.
Overall, MFA is considered an industry standard in cybersecurity and is highly recommended by customers for protecting high-value accounts. By enforcing MFA for Azure administrators, Microsoft aims to strengthen security measures within the Azure platform and protect user data from potential threats.
Article Source
https://www.techradar.com/pro/security/microsoft-will-soon-start-enforcing-azure-mfa-logins