Starting October 1, 2025, Microsoft will require, without exception, audience based, multi-factor authentication (MFA) to manage Azure resources. If you have previously logged into Azure with a password, using official NO MFA method, that practice has ended. I like to think of MFA as additional security from a lock perspective. Just think of it as putting another lock on your front door. It may take an additional couple seconds to log in, but no one will be able to brute force access your orgs Azure resources.
Starting in October, MFA will be required to perform any Azure lifecycle management (create, update, or delete) regardless of how you are authenticating.
• Azure CLI
• PowerShell
• REST APIs and SDKs
• Infrastructure-as-Code tools
• Azure mobile app
This means MFA will be an access manager for Azure, whether you are using the Azure CLI or the mobile app!
• Azure CLI 2.76 or newer
• PowerShell 14.3 or newer
Using older versions? You better upgrade before October hits you!
I remember when I had to enable MFA for my own projects at first. My first thought was "ugh, another step" but then I quickly realized it would save me from worrying so much. Now I don't think about it, it becomes indistinguishable from simply logging in.
What is changing?
MFA across AzureStarting in October, MFA will be required to perform any Azure lifecycle management (create, update, or delete) regardless of how you are authenticating.
• Azure CLI
• PowerShell
• REST APIs and SDKs
• Infrastructure-as-Code tools
• Azure mobile app
This means MFA will be an access manager for Azure, whether you are using the Azure CLI or the mobile app!
Why is Microsoft doing this?
Microsoft is implementing MFA as part of their Secure Future Initiative. The reasoning is simple; passwords alone are not enough. Hackers are obtaining passwords far too easily. MFA stops most attacks by requiring a second level of verification such as a code sent to a phone, or an app approved.How to Prepare
Step 1: Upgrade Your Tools
Microsoft is saying you will need the latest versions to get all of this to work:• Azure CLI 2.76 or newer
• PowerShell 14.3 or newer
Using older versions? You better upgrade before October hits you!
Step 2: You need to enable MFA for all users
You don't want to do just do MFA for you, make everyone do it. And, if you have automation with user logins, you will want to replace them with service principals or managed identities so they can run properly without stopping at a MFA approval screen.Step 3: Decide if you should delay
Microsoft allows admins to delay enforcement of MFA until July 2026. Honestly, all this means is you have to to it later. You are going to have to take of this at some point, why not get started now?My Thoughts on this Change
I am excited that Microsoft is requiring this enforcement. I have witnessed too many cases of accounts getting hacked because someone clicked on a phishing link or used a bad password in the past. This greatly reduces that risk of being hacked.I remember when I had to enable MFA for my own projects at first. My first thought was "ugh, another step" but then I quickly realized it would save me from worrying so much. Now I don't think about it, it becomes indistinguishable from simply logging in.