MC1143999 – (Updated) Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025

Product:

Azure Information Protection, Entra, Purview Information Protection

Platform:

mobile, Online, World tenant

Status:

Change type:

Admin impact, Updated message, User impact

Links:

Details:

Summary:
Microsoft will enforce multifactor authentication (MFA) for all Azure resource management actions starting October 1, 2025, with a postponement option until July 2026. Users must enable MFA, update Azure CLI/PowerShell, and can apply Azure Policy to assess impact. Gallatin customers are advised to implement MFA without enforcement.

Details:
Updated September 5, 2025: Gallatin customers are advised to still implement multifactor authentication for user accounts to improve security, but there will not be Microsoft enforcement at this time.
Introduction
To strengthen security across Azure environments, Microsoft is introducing enforcement of multifactor authentication (MFA) for all Azure resource management actions. This change helps protect your organization from unauthorized access and aligns with industry best practices for identity protection.
This effort is part of Microsoft's commitment to enhance security for all customers and follows Azure's Phase 1 rollout completed last year. Phase 2 enforcement ensures that all Azure clients - including CLI, PowerShell, SDKs, and REST APIs - are protected against unauthorized access.
When this will happen
Phase 2 enforcement will begin rolling out on October 1, 2025, and will be applied gradually across tenants. Customers may postpone enforcement until July 2026 if additional time is needed to become compliant.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-08-29

updated:
2025-09-06

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

MFA Implementation
Users may face access issues if MFA is not set up before the enforcement date, leading to inability to perform Azure resource management actions.
   - roles: Azure Administrators, End Users
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#phase-1-applications, https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement

Automation Breakage
Scripts and automation relying on user identities may fail if MFA is not configured, disrupting automated processes.
   - roles: DevOps Engineers, System Administrators
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-mandatory-multifactor-authentication, https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement

User Experience Degradation
Users unprepared for MFA may experience frustration and delays in accessing Azure resources, impacting productivity.
   - roles: End Users, Support Staff
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-mfa-howitworks, https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement

Compliance Risks
Failure to implement MFA may lead to compliance issues, especially for organizations handling sensitive data, risking data breaches.
   - roles: Compliance Officers, Security Officers
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement, https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement

Increased Support Tickets
A surge in support requests may occur as users struggle with MFA setup, overwhelming IT support resources.
   - roles: Help Desk Technicians, IT Support Managers
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-verify-that-users-are-set-up-for-mandatory-mfa, https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

User Training and Awareness Programs
Implementing a comprehensive training program for users on the importance of MFA and how to set it up will enhance user compliance and security awareness. This can lead to a smoother transition to mandatory MFA and reduce potential security risks during the implementation phase.
   - next-steps: Develop training materials and schedule training sessions for all users. Utilize Microsoft Learn resources for content creation.
   - roles: IT Administrators, Security Officers, Training Coordinators
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-mfa-howitworks, https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement

Automated MFA Compliance Reporting
Develop an automated reporting system to track MFA enrollment and compliance across the organization. This will help identify users who have not yet enrolled in MFA and allow for targeted follow-ups to ensure compliance before the enforcement deadline.
   - next-steps: Utilize Azure Policy to create compliance reports and schedule regular audits to ensure all users are enrolled in MFA.
   - roles: IT Administrators, Compliance Officers, Security Officers
   - references: https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement, https://learn.microsoft.com/entra/identity/authentication/how-to-mandatory-multifactor-authentication

Policy Enforcement and Impact Assessment
Applying Azure Policy to assess the impact of MFA enforcement will provide insights into which resources and users will be affected. This proactive approach allows for better planning and resource allocation to mitigate any disruptions during the transition.
   - next-steps: Implement Azure Policy in audit mode to gather data on current compliance levels and identify areas that need attention before enforcement.
   - roles: IT Administrators, Project Managers, Security Officers
   - references: https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/mfa-enforcement, https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet#request-more-time-to-prepare-for-enforcement

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only