May 17, 2024 at 03:00PM
Microsoft will soon enforce multi-factor authentication (MFA) for all Azure users administering resources, starting with the Azure portal. This will later extend to CLI, PowerShell, and Terraform. Certain accounts for automation won’t be affected, and admins are urged to enable MFA beforehand. MFA has proven to significantly enhance account security.
From the meeting notes, the key points are:
– Microsoft will gradually enforce multi-factor authentication (MFA) for all users signing into Azure to administer resources, starting in July.
– The rollout will begin with the Azure portal and then extend to CLI, PowerShell, and Terraform.
– Certain accounts such as service principals, managed identities, workload identities, and automation accounts are excluded from MFA enforcement.
– Student, guest users, and end-users will only be affected if they are signing into the Azure portal, CLI, PowerShell, or Terraform to administer resources.
– Microsoft encourages admins to enable MFA in their tenants before the rollout and offers tools for monitoring MFA registration and user status.
– MFA has been shown to provide significant protection against cyberattacks and unauthorized access, with over 99% of MFA-enabled accounts resisting hacking attempts and a risk reduction of 98.56%.
– Redmond announced plans to roll out Conditional Access policies requiring MFA for all admins, users on cloud apps, and for high-risk sign-ins.
– GitHub will require all active developers to enable two-factor authentication (2FA) beginning January 2024 as part of the move to boost MFA adoption.