Microsoft has announced that multifactor authentication (MFA) will soon become mandatory for all Azure users as part of its Secure Future Initiative. This change follows a string of major cybersecurity breaches—including one at Microsoft itself—and is designed to protect users from account compromise and credential-based attacks. 

What’s Changing? 

Microsoft has already required MFA for all sign-ins to Azure since October of 2024. This includes: 

Phase 1 October 2024: 

• Azure Portal 

• Microsoft Entra Admin Center 

• Intune Admin Center 

What is just around the corner is phase 2:

Phase 2 September 2025: 

• Azure CLI 

• Azure PowerShell 

• Azure Mobile App 

• Infrastructure-as-code tools 

Microsoft will give a 60-day notice before enforcement begins and will offer extensions for certain customers. Microsoft’s own network was breached earlier this year by a threat actor known as Midnight Blizzard. The attacker gained access through a legacy test account that didn’t have MFA enabled—the kind of oversight this mandate is intended to prevent. 

Why MFA 

According to Microsoft product managers Naj Shahid and Bill DeForeest, MFA blocks 99.2% of account compromise attacks. Microsoft is encouraging users to adopt phishing-resistant methods, such as: 

• Microsoft Authenticator 

• FIDO2 security keys 

• Passkeys 

• Certificate-based authentication 

What It Means for Our Clients 

At Access Tech, we support this move—and we’ve already enforced MFA internally and helping customers get ahead of it. 

Whether you’re managing your own Microsoft tenant or need help navigating the ins and outs of this new mandate – we have your back. Especially for transit agencies and public-sector organizations, protecting your digital infrastructure is essential. 

We’ll be reaching out to clients with Azure or Entra environments to begin planning for these changes. If you’re unsure whether your current setup is MFA-ready or compliant, let us help. Reach out today to schedule a free MFA meeting.