Azure Mandatory MFA Phase 2 Launches in October, Microsoft Updates

Mandatory Multi-Factor Authentication Rollout for Azure

In August of the previous year, Microsoft took a significant step in enhancing security for Azure public cloud users by announcing the implementation of mandatory multi-factor authentication (MFA) for sign-ins. Research conducted by Microsoft indicates that MFA can prevent over 99.2% of account compromises, making it a crucial defense mechanism against unauthorized access.

Phased Implementation Strategy

The rollout of MFA was strategically divided into two key phases. The first phase, which commenced in October 2024, mainly focused on enforcing MFA for sign-ins to management portals. This requirement now applies to all users logging into critical Azure services, such as the Azure portal, Microsoft Entra admin center, and Intune admin center.

As of March 2023, Microsoft has confirmed the successful implementation of the initial portal enforcement for Azure tenants. This progress paves the way for Phase 2, which will introduce “gradual enforcement”at the Azure Resource Manager layer. This new layer will expand MFA requirements to essential tools, including:

• Azure CLI
• Azure PowerShell
• The Azure Mobile App
• Infrastructure as Code (IaC) tools

Preparing for MFA: Guidance for Administrators

For Azure administrators, transitioning to this new requirement necessitates some preparation. Microsoft recommends configuring a Conditional Access policy to ease this process. Below are the steps to set this up:

1. Log in to the Microsoft Entra admin center with Conditional Access Administrator rights.
2. Navigate to Entra ID, select Conditional Access, and proceed to Policies.
3. Create a new policy and assign it a descriptive name.
4. Select the appropriate users or groups to include under Assignments.
5. Under Target resources, identify Cloud apps and include “Microsoft Admin Portals”and “Windows Azure Service Management API”.
6. In Access controls, select Grant, then Require authentication strength, and choose Multifactor authentication.
7. Initially set the policy to “Report-only”mode to assess the potential impact without locking users out. Finally, select Create.

It’s important to note that applying these settings requires a Microsoft Entra ID P1 or P2 license. For optimal compatibility with these changes, Microsoft also suggests that users update their systems to at least Azure CLI version 2.76 and Azure PowerShell version 14.3.

For more information and updates regarding this transition, you can refer to the source.

Related Articles:

Download Windows 11 24H2 Now with ExplorerPatcher Fixing Major Bugs

23:16September 5, 2025

Audio Recaps of Your Meetings Now Available in Microsoft Teams

22:52September 5, 2025

Updated tiny11builder for Windows 11: 25H2 Support, Copilot Removal, and More Enhancements

22:36September 5, 2025

Discover the Latest Features in Windows 11 25H2: Enhanced File Explorer, Windows Studio Effects, and More

19:01September 5, 2025