MFA access policies will be required to access admin portals
On November 6, Microsoft announced automatic Microsoft Entra Conditional Access policies which will require that customers and partners must use multifactor authentication (MFA) to access admin portals such as Azure, Partner Center, Microsoft 365 Admin, and other portals. This step is part of the larger Secure Future Initiative announced by Brad Smith.
Microsoft has designed these policies based on their deep knowledge of the current cyberthreat landscape to help customers strengthen their security baseline, and they’ll adapt them over time to keep the security bar high.
- November 2, 2023 – Microsoft’s broad policy, inclusive of MFA requirements, announced via blog posts by Brad Smith and Charlie Bell.
- November 6, 2023 – Announced roll-out of Conditional Access policies by Alex Weinert.
- November 9, 2023 – Microsoft notified customers and partners about new Conditional Access policies, followed by additional communication with specific guidance.
- February 2024 – Start of rollout of Conditional Access policies to customers (including partners)
Microsoft has begun a gradual rollout of these policies to all eligible tenants starting mid November 2023. Microsoft will notify tenants in advance, of course. Once the policies are visible in a tenant, partners and customer will have 90 days to review and customize (or disable) them before Microsoft turn them on. For those 90 days, the policies will be in report-only mode, which means Conditional Access will log the policy results without enforcing them.
Discover your Partner Center security score
Now each PAC has a security score to help you understand your security posture so you can identify areas for improvement. Learn more, including how it’s calculated.
Security Score will take into account the following security requirements:
- Requiring multifactor authentication (MFA) for administrative roles on partner’s tenant.
- Response to alerts is 24 hours or less on average.
- Provide a Security contact.
- All Azure subscriptions have a spending budget.
More information about the Security Requirements Dashboard and the associated partner Security Score can be found here.