Microsoft now enforces MFA on Azure Portal sign-ins for all tenants
Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025.
The company’s Azure MFA enforcement efforts were announced in May 2024 when Redmond began implementing mandatory MFA for all users signing into Azure to administer resources.
One year ago, in August 2024, Microsoft also warned Entra global admins to enable MFA for their tenants by October 15, 2024, to ensure users don’t lose access to admin portals.
After completing the rollout for Azure portal sign-ins, the company will begin enforcing MFA on Azure CLI, PowerShell, SDKs, and APIs in October 2025 to protect users’ accounts against attacks.
“We are proud to announce that multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025,” Microsoft said on Friday.
“By enforcing MFA for Azure sign-ins, we aim to provide you with the best protection against cyber threats as part of Microsoft’s commitment to enhance security for all customers, taking one step closer to a more secure future.”
These changes follow a November 2023 announcement that Microsoft would soon roll out Conditional Access policies requiring MFA for all admins when signing into Microsoft admin portals (including Entra, Microsoft 365, Exchange, and Azure), for users on all cloud apps, as well as for high-risk sign-ins.
As part of the same effort to boost MFA adoption, Microsoft-owned GitHub has begun enforcing two-factor authentication (2FA) for all active developers starting in January 2024.
A Microsoft study from two years ago found that 99.99% of accounts protected by MFA successfully fend off hacking attempts and that MFA also lowers the likelihood of account compromise by 98.56%, even when attackers attempt to use stolen credentials.
“Our goal is 100 percent multifactor authentication,” former Microsoft VP of Identity Security Alex Weinert said at the time. “Given that formal studies show multifactor authentication reduces the risk of account takeover by over 99 percent, every user who authenticates should do so with modern strong authentication.”
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Source link