Azure AD MFA

Microsoft will soon enable multi-factor authentication (MFA) for all high-privileged Azure AD accounts, the company said on Friday.

The MFA feature will be part of Microsoft Azure AD's "baseline policy," a set of security features that are enabled for accounts to support a minimum of security measures.

The "MFA-by-default for admin accounts" baseline policy is currently in a public preview phase, and any Azure AD customer can enable it by following the steps described here.

Microsoft says that once the feature goes out of "public preview" and into "general availability," the following Azure AD account types will be prompted to configure multi-factor authentication settings to access their accounts.

Global administrator
SharePoint administrator
Exchange administrator
Conditional access administrator
Security administrator

Azure AD multi-factor authentication options include:

Call to phone
SMS security code
Notification through mobile app
OATH  verification code from mobile app

Azure AD tenants can opt out if it's an inconvenience

Azure AD tenants can opt out of using this baseline policy for their organization, if they wish to, albeit security researchers advise against it.

"Attackers who get control of privileged accounts can do tremendous damage, so it’s critical to protect these accounts first," said Alex Simons, Director of Program Management, Microsoft Identity Division.

Third Azure AD feature launched last week

Last week, Microsoft also announced the public preview of two other Azure AD tools. The first is named Azure AD Password Protection and was designed to help customers eliminate easily guessable passwords from their setups.

The second is named Azure AD Smart Lockout and is a tool that detects brute-force attacks and temporarily locks access to the targeted accounts.

In 2016, Microsoft decided to ban users from using passwords that had been included in leaked lists of passwords that originated from data breaches at other companies.

At the time, Microsoft said its infrastructure handled over 13 billion authentications per day, of which 1.3 billion were for Azure AD accounts. Of these 13 billion, Microsoft said over 10 million authentication requests were malicious in nature.

Related Articles:

Microsoft to Offer 12TB Virtual Machines in the Near Future

Unknown Dev Brings LibreOffice to Windows 10 via the Microsoft Store

That IE Zero-Day From May Needed a Second Patch in July

Microsoft Edge's XSS Filter Appears to Be Broken

Microsoft, Google, Facebook, Twitter Announce "Data Transfer Project"