
Mandatory MFA on the horizon for Azure, Entra & Intune admins

Posted by Steve Brown on Oct 15, 2024 09:28:16 AM

To ensure best practice and greater resilience against the latest threats, Microsoft is set to enforce the mandatory adoption of MFA for admin accounts across Azure, Entra and Intune. But why is this being introduced, and what does it mean for you?

The global reliance on Microsoft cloud services has made its technology stack an attractive target for cybercriminals. Microsoft 365 is used by over 1 million companies worldwide, and more than 56% of all organisations have chosen to run at least some of their infrastructure in Azure. It’s for this reason that Microsoft is looking to make some significant investments in security across its platforms, starting with the enforcement of multi-factor authentication (MFA) from October 15th 2024 for Azure, Entra and Intune admin centres.

Why is Microsoft enforcing MFA? 

Security is already high on the priorities list for Microsoft, and MFA has been identified as an effective route to closing a common entry point for cybercriminals. Over 80% of cyber breaches occur as a result of weak or stolen passwords, and while many organisations are already operating with MFA in place for their admin accounts, there is clearly still a large proportion who don’t. Microsoft’s own research even reveals that 99.9% of compromised accounts are not using MFA.  

Enforcing MFA will require all admin accounts to provide an additional layer of identification during the sign-in process, whether that’s using one-time passcodes generated from their mobile phone or scanning a fingerprint to prove their identity. The justification for enforcing this is clear, with Microsoft reporting that MFA successfully reduces the risk of compromise by 99.2%.

It’s a seemingly simple, yet crucially important best practice security measure for something that is a vital component of any infrastructure. Public cloud accounts are frequently targeted by cybercriminals who see an opportunity to ‘steal’ compute resources under the guise of authorised users. This activity is hard to distinguish from legitimate use, and IT teams are often unaware of a breach until the next billing period, when unwarranted usage is likely to appear.

Enforcing MFA also comes with other security benefits. In most compliance standards, such as ISO 27001 and SOC 2, MFA is a critical security control. By applying it within your tenant, you’ll be meeting the necessary security standards and regulations.  

A phased rollout for all administrator accounts across the Microsoft Azure portal, as well as the Entra and Intune admin centres, is set to commence from 15th October 2024, continuing into early 2025.

Don’t wait for the inevitable 

With October 15th having arrived, the train has already left the station to an extent. Microsoft has already confirmed that if you hadn’t set up MFA before the deadline, you will be prompted to do so when you next log in after this point. 

Whilst the process of setting up MFA is relatively straightforward, you may be looking for some expert support to ensure the set-up process goes off without a hitch. If you’re looking for help, the brilliant team at FluidOne can assist.  

Chance for a belated spring clean 

While adding MFA to your admin accounts is a simple measure, it also provides a neat juncture to review and rationalise your estate while actioning any necessary account hygiene measures. Many organisations operate with a single admin account as a shared login for multiple users. This not only poses additional security risks, but creates a lack of visibility and accountability. It’s also very difficult to successfully deploy MFA principles across a shared account, so those working in this way are best advised to ensure they create separate, individual logins to facilitate the switch to mandatory MFA. 

You may also need to review and remove redundant accounts. These could be tied to employees that have left, communal accounts that are no longer in use or even ‘glass break’ accounts (privileged accounts that can be used in an emergency to restore access) that are no longer needed.  

MFA deployment made easy 

Whether you’re unsure of the implications of Microsoft’s upcoming MFA enforcement, want some help deploying these measures within your account, or want to take the chance to conduct a more detailed review of your estate, our experts are here to help. 

Book a discovery call today to speak with one of the team and find out how our Business IT solutions can help you and your organisation. 
