In light of recent security developments, Microsoft has issued a critical warning to Entra global admins regarding the mandatory implementation of multi-factor authentication (MFA) by October 15, 2024. This requirement is part of the Secure Future Initiative, designed to bolster protection against phishing and account hijacking. As organizations prepare for this significant change, it is essential to understand the implications, necessary actions, and the importance of compliance to safeguard sensitive data and maintain access to vital admin portals. Below is a summary that outlines the key points related to this initiative.
What is happening?
Microsoft has announced that multi-factor authentication (MFA) will be mandatory for all Entra global admins by October 15, 2024. This requirement is part of the Secure Future Initiative (SFI) aimed at enhancing security against phishing and account hijacking. Admins can postpone this enforcement until April 15, 2025, but doing so increases security risks.
What does this mean for me and my organization?
If your organization does not enable MFA by the deadline, users will be required to set it up before accessing admin portals like Entra and Intune. This will affect operations that involve creating, reading, updating, or deleting resources. Additionally, MFA will be enforced for Azure sign-ins and other tools in early 2025.
What do I need to do?
You should enable MFA for all users in your organization as soon as possible. Monitor the registration status using the authentication methods registration report or PowerShell scripts. If you need more time, consider postponing the enforcement, but be aware of the associated risks.
What are the implications of non-compliance?
Failure to comply with the MFA requirement will result in users being unable to access critical admin portals and services. This could disrupt operations and expose your organization to increased security risks, as accounts without MFA are more vulnerable to attacks.
Why should I do this?
Implementing MFA significantly enhances account security, reducing the risk of account compromise by over 98%. Microsoft studies show that MFA-enabled accounts resist hacking attempts 99.99% of the time. Adopting MFA is a proactive measure to protect your organization’s sensitive data and resources from cyber threats.
We strongly urge you to take immediate action to enable MFA for all users in your organization. Should you have any questions or require assistance, please do not hesitate to reach out to our dedicated support team.
Phone: 833-574-2370
About Fortress SRM:
Fortress Security Risk Management protects companies from the financial, operational, and emotional trauma of cybercrime by enhancing the performance of their people, processes, and technology.
Offering a robust, co-managed solution to enhance an internal IT team’s capability and capacity, Fortress SRM features a full suite of managed security services (24/7/365 U.S. based monitoring, cyber hygiene (managed patching), endpoint detection and response (EDR), and air-gapped and immutable cloud backups) plus specialized services like Cybersecurity-as-a-Service, Incident Response including disaster recovery & remediation, M&A cyber due diligence, GRC advisory, identity & access management, threat intelligence, vulnerability assessments, and technical testing. With headquarters in Cleveland, Fortress SRM supports companies with both domestic and international operations.
In Case of Emergency:
Cyber Attack Hotline: 888-207-0123 | Report an Attack: IR911.com
For Preventative and Emergency Resources, please visit:
RansomwareClock.org