![Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025 [MC1143999]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-weekendplayer-93820-1024x683.webp "Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025 [MC1143999] 5")
Introduction
To strengthen security across Azure environments, Microsoft is introducing enforcement of multifactor authentication (MFA) for all Azure resource management actions. This change helps protect your organization from unauthorized access and aligns with industry best practices for identity protection.
This effort is part of Microsoft’s commitment to enhance security for all customers and follows Azure’s Phase 1 rollout completed last year. Phase 2 enforcement ensures that all Azure clients – including CLI, PowerShell, SDKs, and REST APIs – are protected against unauthorized access.
When this will happen
Phase 2 enforcement will begin rolling out on October 1, 2025, and will be applied gradually across tenants. Customers may postpone enforcement until July 2026 if additional time is needed to become compliant.
How this will affect your organization
Users will be required to set up MFA before performing Azure resource management actions (via Azure CLI, PowerShell, Mobile App, Identity SDK, IaC tools, or REST APIs).
Enforcement applies to all Azure tenants in the public cloud and all users. This includes automation and scripts using user identities (instead of application IDs). The Phase 2 Azure Portal experience will show when enforcement is active on a tenant.
If your organization cannot meet the enforcement deadline, you can postpone your tenant’s enforcement date.
What you need to do to prepare
- Verify MFA Readiness: Ensure all users performing Azure resource management actions are enrolled in MFA.
- Apply Azure Policy: To understand the potential impact, apply a built-in Azure Policy definition in audit or enforcement mode to assess impact.
- Upgrade Azure CLI or PowerShell Versions: For the best compatibility experience, users in your tenant should use Azure CLI version 2.76 or later and Azure PowerShell version 14.3 or later.
- Postpone If Needed: Global administrators can self-serve postponement in the Azure Portal before enforcement begins.
This change will happen automatically. No admin action is required unless you need to delay enforcement.
Learn more:
- How it works: Microsoft Entra multifactor authentication | Microsoft Learn
- How to verify that users are set up for mandatory MFA | Microsoft Learn
- Planning for mandatory multifactor authentication for Azure and other admin portals | Microsoft Learn
- Tutorial: Self-enforce MFA through Azure Policy – Azure Policy | Microsoft Learn
Compliance Considerations
No compliance considerations identified, review as appropriate for your organization.
Source: Microsoft
Latest Posts
- Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025 [MC1143999]
- Microsoft Purview compliance portal: Data Loss Prevention – Upcoming Change to DLP Alert Settings [MC1143996]
- Microsoft Teams Rooms on Windows: Universal Touch Console Support for Touchboards [MC1143994]
- AWS Network Firewall launches ReceivedBytes metric for stateless and stateful engines
![Microsoft Purview compliance portal: Data Loss Prevention – Upcoming Change to DLP Alert Settings [MC1143996]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-yankrukov-8866797-96x96.webp "Microsoft Purview compliance portal: Data Loss Prevention - Upcoming Change to DLP Alert Settings [MC1143996] 10")