Microsoft: "Our goal is 100% use of multi-factor authentication"

Lord777

Redmond's security policies will soon be imposed without choice.

Microsoft announced that it will soon implement conditional access policies that will require administrators to use multi-factor authentication (MFA) when logging in to corporate portals, including Microsoft 365, Entra, Exchange, and Azure.

In addition, the company will introduce a policy that requires users of per-user MFA to use MFA for all cloud applications, as well as a policy that requires MFA for high-risk sign-ins (available only for Microsoft Entra ID Premium Plan 2 users).

Microsoft-managed policies will be gradually added in "Report-only" mode for eligible Microsoft Entra tenants starting next week. Once the deployment reaches a tenant, administrators will have 90 days to review the policies and decide whether to activate them.

Microsoft will automatically enable the conditional access policies only for customers who have not disabled them within 90 days of deployment.

"Pay great attention to the first policy. We strongly recommend that multi-factor authentication protect all users' access to admin portals, such as portal.azure.com, Microsoft 365 Admin Center, and Exchange Admin Center," said Alex Weinert, Microsoft's Vice President of Identity Security.

"Despite the possibility of rejecting these policies, Microsoft teams will increasingly require multi-factor authentication for certain interactions, as is already the case in certain Azure subscription management scenarios, the Partner Center, and when registering devices with Microsoft Intune," the company added.

Organizations will reportedly be able to modify these policies by cloning them and adapting them to their needs, starting with Microsoft's recommended settings.

"Our goal is 100% use of multi-factor authentication. Given that many studies show that MFA reduces the risk of account hijacking by more than 99%, every user who authenticates should use modern security methods," concluded Weinert.
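
For the 90-day review window described above, an added example (not part of the original post and not Microsoft tooling) that reads a saved export of conditional access policies and lists the report-only MFA policies with the days left before they would be switched on. Field names follow the Microsoft Graph `conditionalAccessPolicy` resource; the sample data is constructed, and treating `createdDateTime` as the day the policy reached the tenant is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

REVIEW_WINDOW = timedelta(days=90)  # review period stated in the announcement
REPORT_ONLY = "enabledForReportingButNotEnforced"  # Graph value for "Report-only"

# Constructed sample shaped like a Graph export; ids, names and dates are made up.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"id": "00000000-0000-0000-0000-000000000001",
   "displayName": "Example: MFA for admin portals",
   "state": "enabledForReportingButNotEnforced",
   "createdDateTime": "2030-01-08T09:00:00Z",
   "grantControls": {"builtInControls": ["mfa"]}},
  {"id": "00000000-0000-0000-0000-000000000002",
   "displayName": "Example: MFA for risky sign-ins",
   "state": "enabledForReportingButNotEnforced",
   "createdDateTime": "2030-01-01T09:00:00Z",
   "grantControls": {"builtInControls": ["mfa"]}},
  {"id": "00000000-0000-0000-0000-000000000003",
   "displayName": "Example: policy an admin already disabled",
   "state": "disabled",
   "createdDateTime": "2030-01-01T09:00:00Z",
   "grantControls": {"builtInControls": ["mfa"]}},
  {"id": "00000000-0000-0000-0000-000000000004",
   "displayName": "Example: session-only policy",
   "state": "enabledForReportingButNotEnforced",
   "createdDateTime": "2030-01-01T09:00:00Z",
   "grantControls": null}
]}
""")

def pending_mfa_policies(export, now):
    """Report-only policies that grant on MFA, soonest assumed deadline first."""
    rows = []
    for policy in export.get("value", []):
        controls = (policy.get("grantControls") or {}).get("builtInControls", [])
        if policy.get("state") != REPORT_ONLY or "mfa" not in controls:
            continue  # already enforced, disabled, or not an MFA requirement
        created = datetime.fromisoformat(policy["createdDateTime"].replace("Z", "+00:00"))
        deadline = created + REVIEW_WINDOW  # assumption: window starts at creation
        rows.append({"name": policy["displayName"], "deadline": deadline,
                     "days_left": (deadline - now).days})
    return sorted(rows, key=lambda r: r["deadline"])

if __name__ == "__main__":
    for row in pending_mfa_policies(SAMPLE_EXPORT, datetime.now(timezone.utc)):
        print(f'{row["days_left"]:>5} days  {row["deadline"]:%Y-%m-%d}  {row["name"]}')
```

A negative `days_left` means the assumed window has already passed for that policy.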