Starting in July 2024, Microsoft will progressively implement mandatory Multi-Factor Authentication (MFA) for Azure users accessing the portal, Azure CLI, PowerShell, or Terraform to manage Azure resources. Users such as service principals, managed identities, workload identities, and accounts based on tokens used for automation will be exempt. Special recovery processes and break-glass accounts are still under evaluation
The deployment will start with the Azure portal and then extend gradually to CLI, PowerShell, and Terraform. The basic MFA provided by Azure's default security settings with the free version of Azure AD does not incur additional costs. Users will be required to use Microsoft Authenticator as the only authentication factor, except for the global administrator role which can also receive text messages. Conditional access is a premium feature in Azure AD P1 and P2 licenses, offering features like risk analysis. The rollout plan aims to minimize disruptions and communication will be through email and the Azure portal, clarifying the exception mechanisms for users without smartphones. https://www.silicon.fr/mfa-obligatoire-azure-microsoft-478729.html