The Change
In today’s article, we’ll be taking a look at a new change that Microsoft is rolling out:
MC862873 – Take action: Enable multifactor authentication for your tenant before October 15, 2024 | Microsoft 365 Message Center Archive (merill.net)
After October 15, 2024, Microsoft will require admins to use multifactor authentication when signing in to the Azure Portal, the Entra Admin Center, or the Microsoft Intune admin center. This change won’t affect normal user accounts that don’t have any privileged roles.
In addition, a Microsoft Tech Community article goes into more detail about the change:
Update on MFA requirements for Azure sign-in – Microsoft Community Hub
What to do?
If you haven’t already, now’s the time to make sure you’re securing your admins when they log in to admin portals. It’s a good idea to roll out MFA for the affected admin accounts. It’s also a good idea to check your “break glass” accounts. Most of them are probably currently secured with a long, complex password, with some monitoring in place to keep an eye on them. These accounts must be updated so that they are secured with MFA. I’d suggest enabling passwordless authentication with a FIDO2 key like the YubiKey right away. You could also use passkeys if you don’t mind that they’re still in preview, but I wouldn’t recommend them yet. You can keep the YubiKey in a safe place like your company’s safe.
If you are a big organization and might not be able to prepare for the change in time, you can postpone it.
If you’re wondering who might be affected by the change, there’s a PowerShell module whose Export-MsIdAzureMfaReport cmdlet helps you identify the affected users.
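As a complementary check, the following added example (not from the original article, and not the Export-MsIdAzureMfaReport cmdlet itself) uses the Microsoft Graph PowerShell SDK to list admin accounts with no MFA method registered and break-glass accounts without a FIDO2 key. The break-glass UPNs and the output file name are hypothetical placeholders, and the script reports registration state only, not whether MFA is enforced at sign-in.

```powershell
# Added example. Assumes the Microsoft.Graph.Authentication and
# Microsoft.Graph.Reports modules are installed and that the signed-in
# account is allowed to read the authentication methods registration report.

# Hypothetical break-glass accounts; replace with your own UPNs.
$BreakGlassUpns = @(
    'breakglass1@contoso.example',
    'breakglass2@contoso.example'
)

Connect-MgGraph -Scopes 'AuditLog.Read.All'

# Registration details for every account that holds an admin role.
$admins = Get-MgReportAuthenticationMethodUserRegistrationDetail `
    -Filter 'isAdmin eq true' -All

$report = foreach ($admin in $admins) {
    $methods      = @($admin.MethodsRegistered)
    $isBreakGlass = $BreakGlassUpns -contains $admin.UserPrincipalName
    $hasFido2     = [bool]($methods -match 'fido2')

    # Classify each account so the gaps sort to the top of the report.
    $finding = if (-not $admin.IsMfaRegistered) {
        'No MFA method registered'
    } elseif ($isBreakGlass -and -not $hasFido2) {
        'Break-glass account without FIDO2 key'
    } else {
        'OK'
    }

    [pscustomobject]@{
        UserPrincipalName = $admin.UserPrincipalName
        BreakGlass        = $isBreakGlass
        MfaRegistered     = $admin.IsMfaRegistered
        Methods           = $methods -join ', '
        Finding           = $finding
    }
}

# Accounts that need attention first, then the rest.
$report |
    Sort-Object @{ Expression = { $_.Finding -eq 'OK' } }, UserPrincipalName |
    Format-Table -AutoSize

# Keep a copy for tracking remediation (hypothetical file name).
$report | Export-Csv -Path .\admin-mfa-registration.csv -NoTypeInformation
```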
You did not hear about the change?
Then now is the time to implement a process in your organization to stay up to date with the changes Microsoft is rolling out. This could mean syncing Message Center notifications into a Planner board and working through them in a structured way, or following a source such as entra.news.
Conclusion
It’s still a big worry that admin accounts aren’t protected with MFA. Microsoft said that 99.9% of the accounts that got hacked weren’t protected with MFA. Now is the time to step up your security!
If you have any questions about this change or need help, please don’t hesitate to reach out to me!