Final Call – MFA Enforcement in Azure

CategoriesAzureEntra IDMicrosoft 365
Last Updated on02/10/2024

In this post I will tell you what you need to know about the MFA-Enforcement @15th of October 2024.

For sure you’ve already heard about the MFA-Enforcement per 15th of October 2024 for Entra/Intune/Azure.
This post will show you what you need to know and to do.

Secure Future Initiative

November 2023, Microsoft launched the SFI (short for; Secure Future Initiative) to be prepared for the fastly increasing numbers of cyberattacks.
SFI combines every part of microsoft to increase the cybersecurity protection in the whole portfolio.

To reach a “secure future” it does not only require technologies, it also requires skilled people and last but not least; security culture.

As part of this initiative there will be global security changes, which will impact ALL of us.
If you want to know more about that, you can find here more information.

Impact on 15th of October and further impacts

Following portals will be impacted by the SFI, by the mentioned date in the table:

Application Name	Application ID	Enforcement by
Azure Portal	c44b4083-3bb0-49c1-b47d-974e53cbdf3c	15th of October 2024
Microsoft Entra admin center	c44b4083-3bb0-49c1-b47d-974e53cbdf3c	15th of October 2024
Microsoft Intune admin center	c44b4083-3bb0-49c1-b47d-974e53cbdf3c	15th of October 2024
Azure CLI	04b07795-8ddb-461a-bbee-02f9e1bf7b46	Start of 2025
Azure PowerShell	1950a258-227b-4e31-a9cf-717495945fc2	Start of 2025
Azure mobile app	0c1307d4-29d6-4389-a11c-5cbe7f65d7fa	Start of 2025
Infrastructure as Code tools	Azure CLI or Azure PowerShell IDs	Start of 2025

Impacted Accounts

All users who sign in into the applications above to perform any Create, Read, Update or Delete operation will require MFA when the enforcement begins.

Service Pincipals as well as Workload Identities aren’t impacted from MFA-Enforcement.
So make sure, no User identities are used for automated tasks.

What happens to my break-glass accounts?

Also your break-glass accounts will be required to use MFA.
These accounts should be populated for the usage of Hardware Token or configure certificate-based authentication for MFA.

If you need inspiration on your FIDO-Token order, I can recommend you Token2.
For more information about FIDO-Keys and especially Token2 I recommend you reading the post of Michele here.

Summary

As a roundup I can say; Make sure you’ve checked your sign-ins for user without MFA.

Source used in this post

The author

Mika

Engineer | Blogger | Evangelist

All Posts of the Author