InfoSecBulletin Cybersecurity for mankind
Microsoft warned Entra global admins to enable multi-factor authentication (MFA) for their tenants by October 15 to prevent users from losing access to admin portals.
This is part of Redmond’s Secure Future Initiative. It aims to protect Azure accounts from phishing and hijacking attempts by requiring mandatory MFA for all Azure sign-ins.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
Admins can extend the MFA requirement deadline for each tenant from August 15 to October 15, 2025.
However, “by postponing the start date of enforcement, you take extra risk because accounts that access Microsoft services like the Azure portal are highly valuable targets for threat actors,” Redmond warned. “We recommend all tenants set up MFA now to secure cloud resources.”
Microsoft has notified all Entra global admins in advance regarding the enforcement start date and the necessary actions through email and Azure Service Health Notifications until October.
If MFA is not turned on and there is no request to postpone enforcement until October, users will need to enable MFA when logging into administration portals to perform CRUD operations.
Users need to use MFA to access services like Windows 365 Cloud PC through the Intune admin center.
In early 2025, Microsoft will require MFA for Azure sign-ins to access Azure PowerShell, CLI, mobile app, and Infrastructure as Code (IaC) tools.
”Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually roll out to all tenants worldwide,” said Principal Product Manager Naj Shahid and Azure Compute Principal Product Manager Bill DeForeest.
“Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will commence. ”
Admins can use the authentication methods registration report to easily monitor who registered for MFA in their tenants.
