Microsoft will gradually require multi-factor authentication for all Azure users this summer. In this way, the company hopes to take out an important vector for cybercriminals.

MFA will be mandatory for all Azure users starting in July. Microsoft itself announces this. The company will be rolling out multi-factor authentication in stages and will provide specific timing soon via email and notifications in the Azure portal. By requiring MFA at the tenant level, Microsoft adds an additional layer of security that better protects customers.

Compromised accounts are critical to attackers in almost all hacks that do not exploit a zero-day vulnerability. Most ransomware attacks start with an account that criminals gain unauthorized access to. Hackers gain access to these accounts through phishing, easy-to-guess passwords, or reused password information circulating on the Internet after a previous breach.

Simple but very strong

Microsoft’s own research shows that 99.9 percent of compromised accounts did not use MFA. The research also shows that simply enabling MFA can block 99.2 percent of attacks that use accounts. By setting up MFA, you make it very difficult for cybercriminals.

This is no news: poorly secured accounts have been the Achilles’ heel of security for many years, and MFA has been available as a powerful and simple solution for years. However, in many cases authentication with an additional factor is not used. Due to the importance of MFA, Microsoft has therefore decided to no longer wait for voluntary implementation but to make the technology mandatory.

uncertainty

Setting up MFA is easy and free. You don’t have to wait for Microsoft to commit. You can find the correct settings in the Microsoft Entra dashboard. There are still some uncertainties before the obligation comes into force. For example, Microsoft does not reveal whether there will be exceptions for service accounts. Microsoft isn’t the only one using MFA. AWS already introduced a similar policy in 2023.