Microsoft to Enforce MFA for Azure Admin Access

Microsoft will enforce MFA for all user accounts accessing the Azure portal and related admin centers, beginning in October 2024. The phased rollout, announced on August 26, 2025, aims to curb credential-based attacks by requiring multifactor authentication for key administrative functions across Microsoft Entra, Intune, and Microsoft 365 portals.

In the second phase, starting October 1, 2025, Microsoft will enforce MFA for operations via Azure CLI, PowerShell, mobile apps, and infrastructure-as-code tools. Read-only actions remain exempt. Administrators using user accounts for automation must migrate to workload identities to maintain functionality.

Microsoft research shows that MFA can block over 99.2% of account compromise attempts, prompting the decision to enforce MFA across its cloud management tools. Passkeys or certificate-based authentication are recommended for emergency access accounts.

Organizations may defer enforcement deadlines, but Microsoft encourages early adoption to secure access points. For complete details and migration steps, read the full article at:

Microsoft To Mandate MFA for Accounts Signing In to the Azure Portal