Microsoft to Enforce MFA for Azure Resource Management in October

Starting in October, Microsoft will be enforcing multi-factor authentication (MFA) for all Azure resource management actions. This change is part of the company's Secure Future Initiative (SFI), aimed at protecting Azure clients from unauthorized access attempts.

The MFA enforcement will be applied gradually across tenants worldwide, with users required to enable MFA on Azure CLI, PowerShell, SDKs, and APIs to ensure that their accounts are protected against attacks. To avoid compatibility issues, users are also advised to upgrade Azure CLI to version 2.76 or later and Azure PowerShell to version 14.3 or later.

Global administrators who need more time to become compliant can postpone the enforcement date until July 2026. According to Microsoft, MFA enforcement will gradually begin on October 1, 2025 for accounts that sign in to Azure CLI, Azure PowerShell, Azure mobile app, IaC tools, and REST API endpoints to perform any Create, Update, or Delete operation.

Enforcement applies to all Azure tenants in the public cloud and all users. This includes automation and scripts using user identities (instead of application IDs), as announced by Microsoft in a recent update to its support site. Admins can monitor who registered for MFA using the authentication methods registration report or this PowerShell script to get a quick report across the entire user base.
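The two preparation points above (the minimum Azure CLI version, and automation that signs in as a user rather than as an application) can be checked on each automation host with a short pre-flight script. The following is an added example, not Microsoft's script: the function names and output wording are assumptions, and it covers Azure CLI only.

```shell
#!/bin/sh
# Added example (not Microsoft's script): pre-flight check for an automation host.
MIN_CLI=2.76.0   # Azure CLI minimum named in the article

# version_ge A B: succeed when dotted version A >= B, comparing three numeric fields.
# Fields are compared as numbers, so 2.9.0 is correctly older than 2.76.0.
version_ge() (
  a=$1; b=$2
  for n in 1 2 3; do
    x=${a%%.*}; y=${b%%.*}
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}      # drop suffixes such as "b1"
    if [ "${x:-0}" -gt "${y:-0}" ]; then exit 0; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then exit 1; fi
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
  done
  exit 0
)

# assess CLI_VERSION IDENTITY_TYPE: print findings, return 1 if anything needs attention.
# IDENTITY_TYPE is the user.type value from `az account show` ("user" or "servicePrincipal").
assess() {
  rc=0
  if version_ge "$1" "$MIN_CLI"; then
    echo "cli $1: ok"
  else
    echo "cli $1: upgrade to $MIN_CLI or later"; rc=1
  fi
  case $2 in
    user)             echo "identity user: in scope, sign-in must satisfy MFA"; rc=1 ;;
    servicePrincipal) echo "identity servicePrincipal: application identity, not a user sign-in" ;;
    *)                echo "identity ${2:-unknown}: not recognised, check manually"; rc=1 ;;
  esac
  return $rc
}

# On a real host, read both values from the CLI; skipped when az is not installed.
if command -v az >/dev/null 2>&1; then
  assess "$(az version --query '"azure-cli"' -o tsv)" \
         "$(az account show --query user.type -o tsv 2>/dev/null)"
fi
```

Run as a pipeline step, the script's exit status is non-zero when the job still signs in as a user or the CLI is older than the minimum.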

This move follows previous announcements from Microsoft, including a May 2024 announcement that MFA will be enforced for all users signing into Azure to administer resources, and a November announcement regarding the rollout of Conditional Access policies requiring MFA for all admins signing into Microsoft admin portals. Additionally, in August 2024, Microsoft warned Entra global admins to enable MFA for their tenants by October 15, 2024.

Benefits of MFA

Microsoft claims that MFA enhances security, with a 98.56% risk reduction rate even when attackers use stolen credentials to breach accounts. According to a Microsoft study, 99.99% of MFA-enabled accounts resist hacking attempts.

Preparation is Key

To avoid any potential compatibility issues, users are advised to upgrade Azure CLI to version 2.76 or later and Azure PowerShell to version 14.3 or later. Additionally, admins can use the authentication methods registration report or this PowerShell script to get a quick report across the entire user base.

MFA Adoption Trends

Microsoft-owned GitHub also started enforcing two-factor authentication (2FA) for all active developers in January 2024 as part of the same effort to boost MFA adoption.

Conclusion

In conclusion, MFA enforcement will start in October for all Azure resource management actions. It is essential to prepare for this change by upgrading Azure CLI and PowerShell to the latest versions and enabling MFA on your accounts. By doing so, you can ensure that your Azure clients are protected from unauthorized access attempts.