Microsoft 365 MFA mandatory for admins from Feb. 3, 2025

[German]Quick note for administrators of Microsoft 365 tenants. As of February 3, 2025, Microsoft will begin enforcing multifactor authentication (MFA) for access to the Microsoft 365 Admin Center. The option to suspend this MFA for 14 days will then be removed for the tenants concerned.

Summary and explanation

The following tweet summarizes the most important key points that Microsoft has published in the tech community article Announcing mandatory multifactor authentication for the Microsoft 365 admin center in a very comprehensive form.

Microsoft 365 MFA

The Techcommunity article states that Microsoft will require MFA for all user accounts accessing the Microsoft 365 Admin Center from February 3, 2025. This requirement will be phased in at the tenant level. Administrators will receive a message via the Microsoft 365 Admin Center approximately 30 days before the tenant is eligible for enforcement.

14-day grace period ends

Ali Tajaran has also summarized another statement in a short text in this tweet. The most important point: Microsoft is ending the 14-day "grace period" for the suspension of the MFA requirement for access to the Microsoft Admin Center, which previously still existed.

Microsoft 365 Admin Center MFA

The existing option for administrators, to suspend the registration of multi-factor authentication (MFA) for a 14 day grace period, when security settings are activated, will be removed.

This means that all users (administrators) will have to register for MFA the first time they sign in to the Microsoft Admin Center after enabling security preferences. Ali Tajaran describes the steps to activate the security defaults in Microsoft Entra ID in the tweet (see screenshot).

This should help reduce the risk of account compromise during the 14-day period, as MFA can defend against over 99.2% of identity-based attacks. Microsoft plans to do this with the following deadlines:

  • New tenants: the transition will begin on December 2, 2024
  • Existing tenants: the transition will begin in January 2025

Administrators who do not use Conditional Access are recommended to enable the security defaults for their organization, as they are a simple and effective way to protect users and resources from common threats.

MFA in Microsoft 365 Admin Center

This entry was posted in Cloud, Security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *