Microsoft says it has been implementing multifactor authentication (MFA) for Azure Portal sign-ins throughout all tenants since March 2025.
The corporate’s Azure MFA enforcement efforts had been introduced in Might 2024 when Redmond started implementing necessary MFA for all customers signing into Azure to manage sources.
One yr in the past, in August 2024, Microsoft additionally warned Entra international admins to allow MFA for his or her tenants by October 15, 2024, to make sure customers do not lose entry to admin portals.
After finishing the rollout for Azure portal sign-ins, the corporate will start implementing MFA on Azure CLI, PowerShell, SDKs, and APIs in October 2025 to guard customers’ accounts towards assaults.
“We’re proud to announce that multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025,” Microsoft mentioned on Friday.
“By implementing MFA for Azure sign-ins, we purpose to give you the perfect safety towards cyber threats as a part of Microsoft’s dedication to boost safety for all prospects, taking one step nearer to a safer future.”
These adjustments observe a November 2023 announcement that Microsoft would quickly roll out Conditional Entry insurance policies requiring MFA for all admins when signing into Microsoft admin portals (together with Entra, Microsoft 365, Trade, and Azure), for customers on all cloud apps, in addition to for high-risk sign-ins.
As a part of the identical effort to spice up MFA adoption, Microsoft-owned GitHub has begun implementing two-factor authentication (2FA) for all lively builders beginning in January 2024.
A Microsoft examine from two years in the past discovered that 99.99% of accounts protected by MFA efficiently fend off hacking makes an attempt and that MFA additionally lowers the probability of account compromise by 98.56%, even when attackers try to make use of stolen credentials.
“Our objective is one hundred pc multifactor authentication,” former Microsoft VP of Id Safety Alex Weinert mentioned on the time. “On condition that formal research present multifactor authentication reduces the chance of account takeover by over 99 p.c, each consumer who authenticates ought to achieve this with fashionable sturdy authentication.”
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration traits.