Recently, Microsoft has been on the sharp end of a not particularly deserving security stick, what with the blowback from the CrowdStrike incident that unfairly got laid at Microsoft’s virtual doorstep. Read last month’s RWC for my take on that, I’m not going to repeat myself here. My point being that I think the Redmond giant is lumbering in the right direction with security overall. What’s happening with Azure is a good example of this.
Microsoft’s mandatory MFA move
On 15 October, a new mandatory multi-factor authentication sign-in process will roll out that impacts the Azure portal, Microsoft Entra admin centre and Intune admin centre. An August announcement dropped the 60-day warning for admins, but also confirmed an extended timeframe would be available to customers dealing with more complex environments that create technical barriers for them to overcome.
It’s also worth noting that end users who aren’t signing in to the Azure portal, CLI or PowerShell, but rather accessing apps and services, won’t be hit by the mandatory MFA requirement. Unless, that is, the owners of the services in question mandate it. Which comes with additional implications that mean many won’t consider it. Nobody ever said this security thing
