Microsoft is once again making waves with some of its customers, this time with a security change. We think it’s a good one. In fact, we think every business should implement this change anywhere they can.
Here’s what you need to know, both about the specific change in requirements for some Microsoft users and about why your business should make the switch regardless of whether you’re technically required to.
What’s Changing: Azure Accounts Must Switch to MFA
Microsoft is changing the way Azure users will log into their accounts. Eventually every Azure product will require all accounts to log in using multi-factor authentication, or MFA.
MFA is a more secure method of authenticating, or logging into an account. Authentication means establishing that you are who you claim to be and that you are authorized to use the account you’re logging into. Instead of providing just a username and password combination, logging in with MFA requires an additional factor (method) of authentication.
Specific products are up first in October 2024: the Azure portal, Microsoft Entra admin center, and Intune admin center. That’s phase 1 of the change, but the fun doesn’t stop there. Over the course of 2025, the tech giant will start requiring MFA for additional products, including these:
- Azure Command Line Interface
- Azure PowerShell
- Azure mobile app
- Infrastructure as Code (IaC) tools
If you’re affected by this change, your admins (which in some cases may be your managed IT partner) should receive notice 60 days in advance.
Microsoft lists numerous types of MFA as acceptable options, including these:
- Microsoft Authenticator mobile app (using push notifications, biometrics, or unique passcodes)
- FIDO2 security keys (using USB dongles, NFC chips, or other external hardware keys)
- Certificate-based authentication (using PIV and CAC via X.509 certificates)
- Passkeys (which use Microsoft Authenticator in a slightly different way)
- SMS and voice approval are still allowed, though discouraged
What Is Azure?
Azure is Microsoft’s cloud computing platform. It contains numerous distinct products that allow organizations to store data in the cloud, access computing power in the cloud, create and run applications, and run analytics on their data.
Azure is used by businesses of all shapes and sizes, from small businesses to global brands. If you’re a Microsoft-centric business and you operate in the cloud for anything beyond simple storage (OneDrive or SharePoint), then you’re probably using Azure in some capacity.
Why the Change?
Well, we can’t speak to the specifics of why Microsoft is doing this with these products right now (and not others). All we can tell you there is what the company says at the link above: that they’re trying to provide “the best protection against cyber threats.”
But we do know that MFA is way more secure than single-factor authentication (that’s the trusty ol’ username and password combination). For organizations using any of these Azure tools, the cost of a breach could be extremely high. Tightening up security — or, in this case, requiring users to tighten up security whether they want to or not — is a good move.
MFA Is a Good Idea, Period
We agree with Microsoft that implementing MFA is a good idea across the board — on any business-related service or account that allows for it.
That’s because the level of security is exponentially higher, and so is the level of sophistication needed to steal credentials or compromise an account.
With MFA turned on (especially using passkeys, authenticators, and biometrics), the bad guys have to go to extreme lengths to compromise an account — like stealing your fingerprint, your phone, or both. It’s not impossible to do, but it’s far, far harder than simply stealing, guessing, or cracking an alphanumeric password.
If you could use some guidance setting up MFA throughout your organization, we’d love to help. Reach out anytime!