Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025.
The company’s Azure MFA enforcement efforts were announced in May 2024 when Redmond began implementing mandatory MFA for all users signing into Azure to administer resources.
One year ago, in August 2024, Microsoft also warned Entra global admins to enable MFA for their tenants by October 15, 2024, to ensure users don’t lose access to admin portals.
After completing the rollout for Azure portal sign-ins, the company will begin enforcing MFA on Azure CLI, PowerShell, SDKs, and APIs in October 2025 to protect users’ accounts against attacks.
“We are proud to announce that multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025,” Microsoft said on Friday.
“By enforcing MFA for Azure sign-ins, we aim to provide you with the best protection against cyber threats as part of Microsoft’s commitment to enhance security for all customers, taking one step closer to a more secure future.”
These changes follow a November 2023 announcement that Microsoft would soon roll out Conditional Access policies requiring MFA for all admins when signing into Microsoft admin portals (including Entra, Microsoft 365, Exchange, and Azure), for users on all cloud apps, as well as for high-risk sign-ins.
As part of the same effort to boost MFA adoption, Microsoft-owned GitHub began enforcing two-factor authentication (2FA) for all active developers in January 2024.
A Microsoft study from two years ago found that 99.99% of accounts protected by MFA successfully fend off hacking attempts and that MFA also lowers the likelihood of account compromise by 98.56%, even when attackers attempt to use stolen credentials.
“Our goal is 100 percent multifactor authentication,” former Microsoft VP of Identity Security Alex Weinert said at the time. “Given that formal studies show multifactor authentication reduces the risk of account takeover by over 99 percent, every user who authenticates should do so with modern strong authentication.”