August 16, 2024 at 03:11PM
Microsoft urged Entra global admins to enable multi-factor authentication (MFA) for their tenants by October 15 to enhance security and protect against phishing and hijacking attempts. Admins can delay MFA enforcement until April 15, 2025, but it’s advised to set up MFA now to secure cloud resources. MFA will gradually roll out to all tenants worldwide.
The key takeaways from the meeting notes are as follows:
– Microsoft has issued a warning to Entra global admins, urging them to enable multi-factor authentication (MFA) for their tenants by October 15, 2024, to enhance security and protect against phishing and hijacking attempts.
– Admins can postpone the MFA enforcement date for their tenants until April 15, 2025, between August 15 and October 15, but doing so increases the risk as accounts accessing Microsoft services are valuable targets for threat actors.
– MFA will be required for accessing admin portals, such as Entra and Intune admin centers and the Azure portal, to perform CRUD operations. It will also be required for accessing services through the Intune admin center, such as Windows 365 Cloud PC.
– In early 2025, Microsoft will start enforcing MFA for Azure sign-ins for accessing tools such as Azure PowerShell, CLI, mobile app, and Infrastructure as Code (IaC) tools.
– A Microsoft study found that MFA provides strong protection for user accounts against cyberattacks, with a 99.99% resistance to hacking attempts and a 98.56% reduction in the risk of compromise when using stolen credentials.
– The company’s goal is to achieve 100% multi-factor authentication, and it has already enforced two-factor authentication (2FA) for all active developers on Microsoft-owned GitHub as part of the effort to boost MFA adoption.
It’s clear from the meeting notes that Microsoft is prioritizing the implementation of multi-factor authentication to enhance security and protect against potential threats and cyberattacks.