Cyber attacks are very common these days. No day goes by without some accounts being breached or companies being held hostage by ransomware.
A good way to protect your accounts is by using Microsoft Multifactor Authentication (MFA).
There is no need to explain why MFA is such a great security mechanism and why everyone needs to use it. Yes, even you, Mr. Administrator ‘who knows what you are doing’!
Starting in the 2nd half of 2024, Microsoft will begin automatically enforcing MFA. The first step is to require MFA for every Azure sign-in.
When you log into the Azure portal, you will likely see the following message. This is a 60-day advance notice from Microsoft to notify global admins of the start date and required actions.
Starting in October, Microsoft will require you to sign in to the following portals using MFA.
- Azure portal
- Microsoft Entra admin center
- Intune admin center
The rollout will be gradual to all tenants worldwide. At a later stage, MFA will also be enforced for Azure CLI, Azure PowerShell, the Azure mobile app and Infrastructure as Code (IaC) tools.
The start of mandatory MFA can be postponed for environments where additional time is needed. Global Administrators need to have elevated access before postponing the start date of MFA enforcement.
This is a great moment to rethink your MFA strategy. Consider using the Microsoft Authenticator to approve sign-ins using push notifications and biometrics. For user accounts with privileged roles, I strongly advise the use of FIDO2 security keys! Using traditional service accounts (including scripts or other automated tasks)? Consider Service Principals and Managed Identities as they are not impacted by MFA enforcement.
Take a look at all the different authentication methods and evaluate which methods suit your environment. I strongly recommend staying away from voice and SMS. Yes, they are legitimate authentication methods, but they should be considered unsafe.
Below is an overview of the timeframe in which Microsoft starts enforcing MFA.
| Application Name | App ID | Enforcement phase |
| --- | --- | --- |
| Azure portal | c44b4083-3bb0-49c1-b47d-974e53cbdf3c | Second half of 2024 |
| Microsoft Entra admin center | c44b4083-3bb0-49c1-b47d-974e53cbdf3c | Second half of 2024 |
| Microsoft Intune admin center | c44b4083-3bb0-49c1-b47d-974e53cbdf3c | Second half of 2024 |
| Azure command-line interface (Azure CLI) | 04b07795-8ddb-461a-bbee-02f9e1bf7b46 | Early 2025 |
| Azure PowerShell | 1950a258-227b-4e31-a9cf-717495945fc2 | Early 2025 |
| Azure mobile app | 0c1307d4-29d6-4389-a11c-5cbe7f65d7fa | Early 2025 |
| Infrastructure as Code (IaC) tools | Use Azure CLI or Azure PowerShell IDs | Early 2025 |
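To see which accounts the enforcement will actually hit, the App IDs in the table can be matched against exported sign-in logs. The script below is an added example, not Microsoft's tooling or code from this post: it assumes a JSON export of user sign-ins that uses the Microsoft Graph `signIn` property names (`appId`, `userPrincipalName`, `authenticationRequirement`, `status.errorCode`), and the sample records and account names are constructed.

```python
import json
from collections import defaultdict

# App IDs and enforcement phases copied from the table above.
ENFORCED_APPS = {
    "c44b4083-3bb0-49c1-b47d-974e53cbdf3c": "Second half of 2024",  # admin portals
    "04b07795-8ddb-461a-bbee-02f9e1bf7b46": "Early 2025",           # Azure CLI
    "1950a258-227b-4e31-a9cf-717495945fc2": "Early 2025",           # Azure PowerShell
    "0c1307d4-29d6-4389-a11c-5cbe7f65d7fa": "Early 2025",           # Azure mobile app
}

def _rec(upn, app_id, requirement, error_code=0):
    """Build one constructed sign-in record in the assumed export shape."""
    return {"userPrincipalName": upn, "appId": app_id,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code}}

# Constructed sample export (not real log data).
SAMPLE_EXPORT = json.dumps([
    _rec("alice@contoso.example", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "singleFactorAuthentication"),
    _rec("bob@contoso.example", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "multiFactorAuthentication"),
    _rec("svc-backup@contoso.example", "04b07795-8ddb-461a-bbee-02f9e1bf7b46", "singleFactorAuthentication"),
    _rec("Alice@contoso.example", "1950A258-227B-4E31-A9CF-717495945FC2", "singleFactorAuthentication"),
    _rec("carol@contoso.example", "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "singleFactorAuthentication", 50126),
    _rec("dave@contoso.example", "00000000-0000-0000-0000-000000000000", "singleFactorAuthentication"),
])

def accounts_without_mfa(export_json):
    """Return {enforcement phase: sorted UPNs} for successful single-factor
    sign-ins to the applications that fall under mandatory MFA."""
    impacted = defaultdict(set)
    for rec in json.loads(export_json):
        phase = ENFORCED_APPS.get(str(rec.get("appId", "")).lower())
        if phase is None:
            continue  # application is not in scope of the enforcement
        if (rec.get("status") or {}).get("errorCode", 0) != 0:
            continue  # failed sign-in, says nothing about working access
        if rec.get("authenticationRequirement") == "singleFactorAuthentication":
            impacted[phase].add(str(rec.get("userPrincipalName", "<unknown>")).lower())
    return {phase: sorted(upns) for phase, upns in impacted.items()}

if __name__ == "__main__":
    for phase, upns in accounts_without_mfa(SAMPLE_EXPORT).items():
        print(f"{phase}: {', '.join(upns)}")
```

Accounts such as the constructed `svc-backup` are the traditional service accounts worth moving to Service Principals or Managed Identities before the later phase.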
Start today with the implementation of strong MFA methods. Postpone the rollout if you need more time for complex environments.
Microsoft has all the information you need on the following page. Reach out if you have any questions regarding MFA; I will be happy to help!