Security News > 2023 > November > Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button

It mandates privileged admin accounts to complete MFA when accessing Microsoft admin portals such as Azure, Microsoft 365 admin center, and Exchange admin center.

Admins can choose to opt out of the policy despite the warning, but Microsoft said in the future it will place an increasing number of MFA requirements on specific interactions regardless.

Those on the Microsoft Entra ID Premium Plan 2 also have their own policy, requiring MFA for all high-risk sign-ins - access attempts from accounts that have recently shown behavior outside of what is considered to be normal.

These policies represent the latest step taken by Microsoft to increase MFA uptake to an idealistic 100 percent of all customers.

The 2019 "Security defaults" initiative from Microsoft, which involved the automatic application of basic security controls as standard for all new Microsoft customers - including MFA - has led to more than 80 percent of newbies since then keeping MFA enabled.

The overall uptake is still much lower than what Microsoft would want, though.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/07/microsoft_likens_mfa_to_1960s/