Skip to content

Article by Peter Thomas

As of October 15, 2024, Microsoft will mandate that all administrators use Multi-Factor Authentication (MFA) when accessing the Azure portal, Microsoft Entra admin centre, and Intune admin centre. While we have already strongly advocated on numerous blogs for the necessity of implementing MFA, it is still not in place everywhere and this is yet another reason for all organisations to turn it on.

This requirement extends to all services accessed through the Azure portal, Entra and Intune admin centres, such as Windows 365 Cloud PC. This change is a crucial step in strengthening IT security by reducing the risk of unauthorised access to administrative accounts. Note, this does not impact end users that are not required to sign into listed applications, websites or services hosted on Azure.

Technical Implications for Your Organisation

To comply with this upcoming enforcement, it is imperative to ensure that MFA is enabled across all administrator and user accounts within your tenant before the October 15th deadline. Failure to do so will result in admins being required to register for MFA upon their next sign-in, potentially causing disruptions in access and workflow, or being locked out from accessing organisation data. For organisations with complex environments, Ekco strongly recommend you start planning for enabling this feature now. You need to will allow for thorough testing and troubleshooting in your environment, ensuring that all systems and processes continue to function smoothly post-enforcement.

Third party MFA Providers

If your organisation is using a third party MFA provider (e.g. Okta, Duo, Ping) for additional second-factor authentication, these will require additional configuration to support MFA authentication.

Strategic Recommendations

1. Immediate MFA Implementation: We strongly recommend enabling MFA immediately for all admin accounts within your organisation. This will not only align your security posture with Microsoft’s guidelines but also provide your users and admins with sufficient time to adjust to the new authentication process.

2. Third party authentication will need to migrate to the external authentication methods (EAM) (preview) feature to continue using your third party authentication methods. This will require configuration from your third party provider using the steps outlined in this document. Additional configuration will then be required within your EntraID environment once completed.

3. Postponement Consideration: If your organisation faces challenges in meeting the October 15, 2024, deadline, Microsoft does provide an option to apply for a postponement. However, this should only be considered as a last resort, as delaying MFA implementation could expose your organisation to security risks.

4. Testing and Validation: Once MFA is enabled, Ekco recommends organisations conduct thorough testing to validate that all admins can access required services without issue. Ekco recommends organisations set up a pilot group to identify potential challenges early in the transition.

Conclusion

The importance of robust authentication methods like MFA cannot be overstated. They are a key step in enhancing security by design and one of the best ways to reduce overall IT risk. Ekco is committed to enabling stronger security controls to better protect businesses of all sizes. Should you need help to meet this deadline, our team is available to assist with MFA setup, testing, and any troubleshooting needs that may arise.

Don’t wait until the last minute for this deadline — take proactive steps to secure your admin portals and ensure compliance with Microsoft’s upcoming security requirements.

Question?
Our specialists have the answer