Microsoft To Require Multifactor Authentication for Azure Users
Microsoft last week announced that, starting in July, all users of Azure services will be required to set up and use multifactor authentication (MFA) when logging in.
The company said that the rollout will be gradual and will add "an extra layer of protection to the standard username and password authentication, making it harder for attackers to compromise accounts and steal data." MFA will be managed through Microsoft Entra and can be set up today, ahead of the mandatory rollout.
The new policy was made to curb the rise in attacks. According to Microsoft, 99.9 percent of all compromised Azure accounts did not use MFA. Further, the company said its own reporting found that MFA would be successful in blocking 99.2 percent of all account compromises, especially in the era of the hybrid workforce.
"Today, more people work outside of the office and access data and applications from various devices and locations," wrote Microsoft's Erin Chapple. "All of this has increased the attack surface and the potential for unauthorized access, as users may use unsecured networks, devices, or passwords. MFA can help mitigate these risks by adding an extra verification step and preventing access from unknown or suspicious sources."
Microsoft's updated policy appears to have brought some blowback from the community. In the comments below, many expressed concerns about the lack of details on the upcoming MFA rollout, and some shared concerns that deploying MFA would be difficult or impossible.
User "PMunro" shared the following concern: "This would be phenomenally difficult for us -- we are a Trust of Special Educational Needs schools and as such, would be unable to facilitate this at all with our students. This should be obvious to Microsoft and in spite of the clear security advantages of MFA for staff and other connected adult accounts, we would be at odds with our student base and their ability if we were to enforce this kind of security requirement at login etc."
User "adamrylands" expressed a similar concern: "IT Manager at a school here -- this is going to truly mess us up as phones are banned by our government in schools. Guess we have to switch to Google services now? Cheers Microsoft for another painful change."
Microsoft has not yet responded to the growing list of community concerns.