Let’s discuss Microsoft MFA, which will be Mandatory for Accessing Azure from July 2024. Microsoft recently announced that it will roll out additional tenant-level security measures to require multi-factor authentication (MFA) for Azure users.
Do you know what MFA is? Multi-factor authentication (MFA) is a process in which users are prompted for an additional form of identification during the sign-in process. You will need to get ready to MFA-enable your access to Azure services from July 2024.
As you all know, MFA is very important for accessing various services to verify their identity before accessing. It is the best method for ensuring your security in the cyber world. You can protect cloud investments by establishing this security baseline at the tenant level puts in place additional security to protect.
In this blog post, I will explain why Microsoft MFA is Mandatory for Accessing Azure from July 2024. You will get complete clarifications on these changes on MFA in Azure.
- Enable Microsoft MFA For Admins Using Azure AD Conditional Access
- Quick Guide To Enforce Multifactor Authentication MFA For Users
Microsoft MFA is Mandatory for Accessing Azure from July 2024
As mentioned, MFA will be mandatory for Azure Users from July 2024. MFA is working with users to provide two or more pieces of evidence to verify their identity before accessing a service or a resource. Pieces of evidence mean username, password, etc.
MFA is also a key component of identity and access management, which involves ensuring that only authorized and authenticated users can access the services and resources. MFA can prevent unauthorized access due to phishing, credential stuffing, etc. The table below provides more clarification about the upcoming changes.
Upcoming Changes for Azure Users | Details |
---|---|
Scope | The new changes will impact all users administering Azure resources through the portal, CLI, PowerShell or Terraform |
Impact | Only impact users administering resources. It will not impact apps or services hosted on Azure or any users not administering Azure resources. |
Exclusions | Service principals, managed identities, workload identities and similar token-based accounts used for automation are excluded. |
Expectations | No workaround is available, such as emergency access, but details on this are currently unknown. |
Timeline | The rollout will begin in July 2024. Once we have completed the rollout for portal, a similar gradual rollout will start for CLI, PowerShell and Terraform. |
Communication | The rollout will begin in July 2024. Once we have completed the portal rollout, a similar gradual rollout will start for CLI, PowerShell, and Terraform. |
Steps for Preparing for Upcoming Changes in your Organizations
Microsoft MFA will be mandatory for you within 2 months, from July 2024. Users should prepare for these changes, and it will help your organization. The 5 steps for Preparing for Upcoming Changes in Your Organizations are the following.
1. Export All Microsoft 365 Users MFA Status with PowerShell
You can use PowerShell to export a report on the MFA status of all users in Microsoft 365. This information helps you understand the current state of your users’ MFA settings.
2. Migrate Legacy MFA and SSPR Policies to Authentication Methods
The 2nd step is the Migrate Legacy MFA and SSPR Policies to Authentication Methods. It will allow you to create tenant-wide policies from a single pane of glass.
3. Setup Registration Campaigns for MFA in Microsoft Entra Admin Center
It is the best way to encourage users to adopt a stronger multi-factor authentication method. It helps to provide a good security posture for your organisation and puts you well on your way to passwordless authentication.
4. Use Managed Identities with Microsoft Graph PowerShell
Analyse any existing DevOps pipelines, Runbooks and PowerShell scripts to ensure they do not use legacy auth to authenticate Azure resources. It provides a secure way for applications to access Azure resources without administrators needing to manage additional passwords or secrets.
5. Setup External Authentication Methods in Microsoft Entra ID
It is the fifth method for Preparing for Upcoming Changes in Your Organization. If your organisation is utilising custom controls for MFA with an external provider, migrate to External Authentication Methods ASAP.
It has a huge range of benefits to third-party identity providers and the organisations that use them to integrate more directly into Microsoft’s backbone identity systems.
- Free Download Azure Architecture Icons
- Fix to AVD Host Pools No Longer Support Desktop and Remote Apps Simultaneously
Reference
Microsoft will require MFA for all Azure users
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here for HTMD WhatsApp.
Author
Gopika S Nair is a computer enthusiast. She loves writing on Windows 11 and related technologies. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She is Post Graduate Diploma Holder in Computer Science.