Azure portal now enforces compulsory multi-factor authentication

Strengthening Security: Microsoft Imposes Multi-Factor Authentication (MFA) for Azure Portal Access Starting 2024

Microsoft enforces mandatory multi-step verification for Azure portal access

Starting from the second half of 2025, Microsoft will implement a new security measure for its applications that use Microsoft 365 services. This measure, known as Multi-Factor Authentication (MFA), will be enforced as part of conditional access policies managed by Microsoft Entra ID.

The purpose of this change is to bolster the security of user data by requiring MFA for CRUD (Create, Read, Update, Delete) operations. However, it's important to note that after MFA is enabled, ROPC-based APIs used in applications will throw exceptions.

Microsoft also recommends migrating automations from user identities to managed identities, as user identities are not recommended for such tasks. Fortunately, managed identities and service principals remain unaffected by both phases of the MFA enforcement.

Interestingly, the Azure PowerShell and Azure command-line interface (Azure CLI) are not mentioned in the context of MFA enforcement or compatibility issues.

The OAuth 2.0 Resource Owner Password Credentials (ROPC) token grant flow is not compatible with Multi-Factor Authentication (MFA) in the Microsoft Entra tenant. For more information on migrating ROPC-based APIs in Microsoft Authentication Libraries (MSAL), see the guide titled "Migrating from ROPC" on the MSAL website.

If user identities are used to log in as a service account to perform automations (including scripts or other automated tasks), these user identities must log in with MFA after the enforcement begins. However, no specific date is given for the enforcement of MFA for user identities.
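To find the automations this affects, a repository can be searched for ROPC usage before enforcement begins. The following is an added example, not code from Microsoft or from the original article; the pattern list is a starting set rather than an exhaustive one, and the file names and contents are constructed samples.

```python
import re

# Text patterns that indicate the ROPC grant (a username and password sent
# directly to the token endpoint), which cannot satisfy an MFA requirement.
ROPC_PATTERNS = {
    "raw password grant": re.compile(
        r"grant_type['\"]?\s*[=:]\s*['\"]?password\b", re.IGNORECASE),
    "MSAL Python ROPC call": re.compile(
        r"\bacquire_token_by_username_password\s*\("),
    "MSAL.NET ROPC call": re.compile(r"\bAcquireTokenByUsernamePassword\s*\("),
    "Azure Identity UsernamePasswordCredential": re.compile(
        r"\bUsernamePasswordCredential\b"),
}


def find_ropc(files):
    """Scan a mapping of path -> text; return (path, line_no, label) tuples."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            # Skip whole-line comments so notes about old code are not flagged.
            if line.strip().startswith(("#", "//")):
                continue
            for label, pattern in ROPC_PATTERNS.items():
                if pattern.search(line):
                    findings.append((path, line_no, label))
    return findings


# Constructed sample inputs (hypothetical paths and variable names).
SAMPLE_FILES = {
    "jobs/nightly_report.py": (
        "import msal\n"
        "app = msal.PublicClientApplication(CLIENT_ID, authority=AUTHORITY)\n"
        "# TODO: replace acquire_token_by_username_password( before MFA\n"
        "result = app.acquire_token_by_username_password(USER, PW, scopes=SCOPES)\n"
    ),
    "deploy/get_token.sh": (
        'curl -s -X POST "$TOKEN_URL" \\\n'
        '  -d "grant_type=password" -d "username=$SVC_USER"\n'
    ),
    # Already migrated to a service principal: must produce no finding.
    "jobs/migrated.py": (
        "app = msal.ConfidentialClientApplication(CLIENT_ID, client_credential=SECRET)\n"
        "result = app.acquire_token_for_client(scopes=SCOPES)\n"
    ),
}

if __name__ == "__main__":
    for path, line_no, label in find_ropc(SAMPLE_FILES):
        print(f"{path}:{line_no}: {label}")
```

Each finding marks a script that signs in as a user with a stored password and needs to move to a managed identity or service principal.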

Lastly, it's worth noting that the Microsoft Intune admin center does not provide compatibility with MFA using the OAuth 2.0 Resource Owner Password Credentials (ROPC) token grant flow.

For those seeking more information on implementing MFA in their Microsoft applications, language-specific MSAL guides can be found on the Microsoft Authentication Libraries (MSAL) website.
