
May 23, 2024

Microsoft Mandatory Multi-Factor Authentication (MFA) for all users

Microsoft has announced that starting in July, multi-factor authentication (MFA) will become mandatory for all users logging into Azure for management tasks. This measure will be phased in, starting with the Azure portal. Subsequently, MFA will also be required for use with CLI, PowerShell and Terraform. This is an important step to improve user account security and prevent cyber attacks.

Key Points:

  • Introduction of MFA:
    • Launch in July with the Azure portal.
    • Gradually extended to CLI, PowerShell and Terraform.
  • Who is affected:
    • Students, guest users and other end users logging in for management tasks.
    • No impact on apps, websites or services running on Azure.
  • Security benefits of MFA:
    • Boost in protection: More than 99.99% of accounts with MFA are resistant to hacking attempts.
    • Risk reduction: MFA reduces the risk of compromise by 98.56%, even in attacks with stolen credentials.
  • Recommendations for administrators:
    • Activating MFA: Use the MFA wizard for Microsoft Entra.
    • Verification of registration: Use the registration report of authentication methods.
    • PowerShell script: Create a report on the MFA status of users.

Explanation and Implementation

Microsoft will begin implementing MFA for the Azure portal and will then expand incrementally to other tools such as CLI, PowerShell and Terraform. Customers will be kept informed of MFA progress and requirements via email and official notices.

Impact on Users

The policy focuses on users logging in for management tasks. This means that students, guest users and other end users using these tools must configure and use MFA. For regular apps, websites and services running on Azure, current authentication policies will continue to apply and it will be the responsibility of the owners of those apps and services to manage their security.

Benefits of Multi-Factor Authentication

A recent study by Microsoft shows that MFA offers a significant improvement in user account security. Accounts with MFA are much more resistant to hacking attempts and can effectively fend off most attacks. In addition, MFA significantly reduces the risk of compromise, even in attacks involving stolen login credentials.

Steps for Administrators

Microsoft encourages administrators to activate MFA in their tenants before the rollout begins. This can be easily done using the MFA wizard for Microsoft Entra. In addition, administrators can check which users are already registered for MFA by using the authentication methods registration report and a PowerShell script to create a detailed report on the MFA status of their user base.
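A sketch of such a report script follows. It is an added example, not Microsoft's script or code from this article. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account may read the registration report with the `AuditLog.Read.All` scope; the output path is a placeholder.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Reports
# Added example: per-user MFA status from the Entra authentication methods
# registration data (GET /reports/authenticationMethods/userRegistrationDetails).
param(
    [string]$OutFile = '.\mfa-status-report.csv'   # assumed output path
)

# Read-only scope; the signed-in account also needs a role allowed to view the report.
Connect-MgGraph -Scopes 'AuditLog.Read.All'

$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

$report = $details | ForEach-Object {
    # Capable = registered AND the registered method is allowed by policy.
    $status = 'Capable'
    if (-not $_.IsMfaCapable)    { $status = 'RegisteredNotCapable' }
    if (-not $_.IsMfaRegistered) { $status = 'NotRegistered' }

    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        UserType          = $_.UserType      # member or guest
        IsAdmin           = [bool]$_.IsAdmin
        Status            = $status
        MethodsRegistered = ($_.MethodsRegistered -join ';')
    }
}

# Full report for the record.
$report | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Summary: how many members/guests fall in each state.
$report | Group-Object UserType, Status |
    Sort-Object Name |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Accounts to chase first: anyone not MFA-capable, admins at the top.
$report | Where-Object Status -ne 'Capable' |
    Sort-Object @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName |
    Format-Table UserPrincipalName, UserType, IsAdmin, Status -AutoSize
```

The guest rows matter here because guest users who sign in for management tasks fall under the requirement as well.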

MFA for Service Accounts via Graph API

In addition to introducing MFA for human users, Microsoft also provides guidelines for securing service accounts, which are often used for automated tasks and scripts. Service accounts are important for various management tasks, and it is crucial that they are also properly secured. This is where the Graph API comes in:

  • Graph API Integration:
    • Manage Access: Use the Graph API to manage access and permissions of service accounts.
    • MFA Implementation: Configure MFA for service accounts via the Graph API to ensure the same levels of security as for human users.
  • Recommendations for Administrators:
    • Security Policy: Set a policy for service accounts that requires MFA.
    • Regular Monitoring: Monitor and regularly update service account access to ensure compliance with security policies.
    • Using App Registrations: Leverage app registrations in Azure AD to manage and provision service accounts without sharing user credentials.

Conclusion

The introduction of mandatory MFA for Azure management tasks is an important step in improving user account security. Microsoft provides comprehensive tools and guidance to help administrators make this transition smoothly. By proactively implementing MFA, organizations can strengthen their security and significantly reduce the risk of cyber attacks.

In addition, it is also important to properly secure service accounts via the Graph API, so that all parts of the IT infrastructure are well protected.

🔒 Protect your account, activate MFA today! 🔒

Use these steps and tools to make sure your organization is ready for this important security update from Microsoft. If you need help, feel free to contact us.
