![Angelo Di Maggio Profile](https://pbs.twimg.com/profile_images/1772013549260541952/tIZy_vb9_x96.jpg)
Angelo Di Maggio
@dimaggio
Followers: 342 · Following: 964 · Statuses: 816
Identity Management Architect. Passionate about identity, federation, zero trust security, and passwordless. Dad. Reader. Learner.
New York City
Joined April 2008
@merill Thanks for sharing. Happy to hear MFA enforcement is being extended to other admin portals. For customers looking to enforce MFA prior to MS enforcement, is a CA policy using a custom security attribute feasible here, or is the most granular option to target Microsoft admin portals?
Boom. Love it. I’d offer that the details are light given the timelines though.
Folks, there is an update with additional details on the "Microsoft will require MFA for all Azure users" post. Here's a quick summary.

✅ Scope
→ Azure Portal
→ CLI
→ PowerShell
→ Terraform to administer Azure resources

👥 Impact on end users
The following will be impacted only if they are signing in to administer. Apps/sites hosted on Azure are not impacted.
→ Students
→ Guest users
→ Other end-users

🚫 Exclusions
Token-based accounts used for automation are excluded, including
→ Service principals
→ Managed identities
→ Workload identities

📆 Timeline
Beginning July 2024, a gradual rollout of the portal will commence. Once completed, a similar gradual rollout will start for
→ CLI
→ PowerShell
→ Terraform

📲 MFA Methods
All Entra ID MFA methods will be available.

⛔ Exceptions
There will be no opt-out. An exception process will be provided for cases where no workaround is available.

💌 Communication
Microsoft will send detailed information and timelines through official emails. This blog post was to raise awareness. Read the full post and comments at

✅ Rolling out MFA to your users
If there is one takeaway that I can share, it is to start enrolling your Azure users for MFA if you haven't already. Here's a quick guide.

Using MFA Registration Policy
If you have E5 (Entra ID P2) it's as simple as configuring this MFA registration policy, which will ensure your users have at least one form of MFA set up. If you don't have E5, see below on how you can report on users without MFA and send targeted comms.

Conditional Access policy for MFA
Alternatively, if you have P1 you can create a conditional access policy requiring MFA. This will force users to register for MFA if they haven't set one up for their account. NOTE: If you don't have a conditional access policy for MFA, I strongly recommend you create one using the template at

Monitoring MFA Registration
You can monitor who has registered for MFA using the authentication methods registration report. See
This can also be used by those who don't have P2 to monitor and send targeted comms to users that don't have MFA. Here's a PowerShell script I've shared previously to quickly get a report of the MFA state of all your users.

MFA email templates
We also provide email templates that you can use to inform your users about MFA and why you are rolling it out. Download them from

Found this useful? Please bookmark, like and repost to raise awareness. It's 2024. Let's get secure and keep the baddies out.
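The post above points at the Entra authentication methods registration report as the way to find users who still have no MFA method before the enforcement lands. The script below is an added example, not the script @merill refers to, showing how to pull that same report through the Microsoft Graph PowerShell SDK (`Get-MgReportAuthenticationMethodUserRegistrationDetail`, module `Microsoft.Graph.Reports`) and list the unregistered users, admins first, for targeted comms. It assumes the module is installed and that the signed-in account can consent to the `AuditLog.Read.All` and `UserAuthenticationMethod.Read.All` delegated scopes; the output path is an assumed default.

```powershell
# Added example (not the script referenced in the post): report Entra users who
# have not registered any MFA method, from the same authentication methods
# registration data the post points at.
# Assumes: Microsoft.Graph.Authentication and Microsoft.Graph.Reports are installed,
# and the signed-in account is granted the delegated scopes requested below.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Reports

param(
    # Assumed default; change to wherever the CSV should land.
    [string]$OutputPath = ".\mfa-registration-report.csv"
)

# Delegated scopes used to read the userRegistrationDetails report.
Connect-MgGraph -Scopes "AuditLog.Read.All", "UserAuthenticationMethod.Read.All"

# One row per user; -All pages through the whole tenant.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

$report = @(foreach ($d in $details) {
    [pscustomobject]@{
        UserPrincipalName = $d.UserPrincipalName
        UserType          = $d.UserType            # member or guest
        IsAdmin           = $d.IsAdmin
        IsMfaRegistered   = $d.IsMfaRegistered
        IsMfaCapable      = $d.IsMfaCapable
        MethodsRegistered = ($d.MethodsRegistered -join ';')
    }
})

# Users with no MFA method are the ones to contact first. Admins are sorted to
# the top because the enforcement applies to accounts administering Azure;
# guests stay in the list because the post says they are impacted too when
# they sign in to administer.
$notRegistered = @($report |
    Where-Object { -not $_.IsMfaRegistered } |
    Sort-Object -Property @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName)

# Full report for comms tooling, plus a quick summary on screen.
$report | Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8

$adminsMissing = @($notRegistered | Where-Object { $_.IsAdmin }).Count
"{0} users in report, {1} not registered for MFA ({2} of them admins). CSV: {3}" -f `
    $report.Count, $notRegistered.Count, $adminsMissing, $OutputPath

$notRegistered |
    Select-Object UserPrincipalName, UserType, IsAdmin, IsMfaCapable |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

`IsMfaCapable` is kept in the output because a user can be registered for a method that the current policies do not treat as MFA; the registered-but-not-capable rows are the ones a Conditional Access MFA policy will still challenge on first sign-in.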
@tuna_gezer @NathanMcNulty @Thomas_Live @fabian_bader @samilaiho @samilamppu @DrAzureAD @merill @ericonidentity Do any of these products recover clientIds / ObjectIds for hard-deleted app registrations or enterprise apps, including multi-tenant apps? If not, what are the implications?
@JefTek @eXDeeNZ @NathanMcNulty @janbakker_ Curious: would it not default to ‘system preferred’ and prefer passkeys over PSI?
RT @RachelTobac: One of the easiest ways for me to hack is simply: 1. Look up who works at a org on LinkedIn 2. Call Help Desk (spoof phone…
@SwiftOnSecurity Love this. The key item for me here is the ‘same corporate device’ so the notion of very infrequent prompts really needs endpoint compliance verification; and risk and fraud signals must be continuously evaluated
@Alex_T_Weinert Love the capability. The license guidance for a feature in public preview makes it difficult to plan. Does this mean customers may need AAD P3? Lol. Seriously though, any clarity on licensing requirements would be helpful.
Lots of interest in phishing-resistant authenticators to protect critical infrastructure and services. An adaptive, risk-based policy engine coupled with strong forms of authentication is always expensive / excessive until it’s not enough.
Phishing kits are software developed to aid threat actors in harvesting #credentials and quickly capitalizing on them. Most of these kits have been around for years so why the renewed interest? #credentialtheft #phishkit @threatinsight