Microsoft will soon be implementing multi-factor authentication (MFA) for all users who sign in to Azure to manage resources. This enforcement will begin in July and will include the deployment of MFA app for CLI, PowerShell, and Terraform after completing the Azure portal deployment. The company will provide customers with additional information via email and official notifications before the MFA policy takes effect.
Certain accounts, such as service principals, managed identities, workload identities, and token-based accounts used for automation, are excluded from this MFA requirement. Microsoft is still gathering feedback on specific scenarios, such as emergency accounts and special recovery facilities, according to Azure Product Manager Naj Shahid.
Guest users, students, and other end users will only be impacted if they sign in to Azure portal, CLI, PowerShell, or Terraform to manage Azure resources. The enforcement policy will not affect apps, websites, or services hosted in Azure, as their authentication policies will still be controlled by the owners.
Administrators are encouraged to enable MFA in their tenants before deployment using the MFA wizard for Microsoft Sign in. They can also monitor MFA status across their user base using authentication methods log report and a PowerShell script provided by Microsoft.
A recent study by Microsoft shows that MFA significantly enhances the security of user accounts, with over 99.99% of MFA-enabled accounts successfully resisting hacking attempts. The risk of compromise is reduced by 98.56% even in cases where attackers try to breach accounts using stolen credentials.
In November, Microsoft announced plans to implement conditional access policies requiring MFA for all administrators signing in to various management portals, cloud applications, and high-risk logins. The company aims to achieve 100% multi-factor authentication adoption to increase account security.
As part of this effort, Microsoft-owned GitHub will also soon mandate two-factor authentication (2FA) for all active developers starting January 2024. This move aligns with Microsoft’s goal of ensuring strong, modern authentication for all users to reduce the risk of account takeover significantly.
Article Source
https://www.bleepingcomputer.com/news/microsoft/microsoft-will-start-enforcing-azure-multi-factor-authentication-MFA-in-july-2024/