Microsoft Enforces MFA on Azure Portal Sign-ins for All Tenants

1 unique source, 1 article

Summary

Microsoft has enforced multifactor authentication (MFA) for Azure Portal sign-ins for all tenants since March 2025. This move follows a series of announcements and warnings aimed at enhancing security across Azure services. The enforcement is part of Microsoft's broader strategy to protect user accounts against cyber threats. The enforcement began with Azure Portal sign-ins and will extend to Azure CLI, PowerShell, SDKs, and APIs in October 2025. Microsoft's data shows that MFA significantly reduces the likelihood of account compromise and hacking attempts.

Timeline

  1. 05.09.2025 22:32 · 1 article

    Microsoft Enforces MFA on Azure Portal Sign-ins for All Tenants

    Microsoft has enforced MFA for Azure Portal sign-ins for all tenants since March 2025. This move is part of a broader security initiative that includes warnings to Entra global admins and plans to extend MFA enforcement to other Azure services in October 2025. Microsoft's data shows that MFA significantly reduces the risk of account compromise and hacking attempts.

Similar Happenings

GitHub Strengthens npm Supply Chain Security with 2FA and Short-Lived Tokens

GitHub is implementing enhanced security measures to protect the npm ecosystem, including mandatory two-factor authentication (2FA) and short-lived tokens. These changes aim to mitigate supply chain attacks, such as the recent "s1ngularity", "GhostAction", and "Shai-Hulud" attacks, which involved a self-replicating worm and compromised thousands of accounts and private repositories. The measures include granular tokens with a seven-day expiration, trusted publishing using OpenID Connect (OIDC), and automatic generation of provenance attestations for packages. Additionally, GitHub is deprecating legacy tokens and TOTP 2FA, expanding trusted publishing options, and gradually rolling out these changes to minimize disruption. GitHub removed over 500 compromised packages and blocked new packages containing the Shai-Hulud malware's indicators of compromise. The company encourages npm maintainers to use npm trusted publishing and strengthen publishing settings to require 2FA. Ruby Central is also tightening governance of the RubyGems package manager to improve supply-chain protections.

Critical Azure Entra ID Vulnerability Exposes Cross-Tenant Access Risks

A critical elevation of privilege (EoP) vulnerability in Azure Entra ID (formerly Azure Active Directory) could have allowed unauthorized access to virtually any Entra ID tenant. The flaw, tracked as CVE-2025-55241, stems from an authentication failure in the Azure AD Graph API, enabling the creation of impersonation tokens for cross-tenant access. The vulnerability was discovered in July 2025 and addressed over the summer, with no evidence of exploitation in the wild. The flaw highlights significant security gaps in Azure's authentication stack, particularly around undocumented 'Actor' tokens used for backend service-to-service communications. These tokens lack essential security controls, such as revocation capabilities, conditional access policies, and visibility, making them highly dangerous. The Azure AD Graph API, despite being scheduled for deprecation, is still used by many Microsoft applications, underscoring the broader implications of this vulnerability. The flaw was reported to Microsoft on July 14, 2025, and the company confirmed that the problem was resolved nine days later. The vulnerability has been assigned the maximum CVSS score of 10.0. It allowed impersonation of any user, including Global Administrators, across any tenant. The flaw could bypass multi-factor authentication (MFA), Conditional Access, and logging, leaving no trace. The flaw was addressed by Microsoft as of July 17, 2025, requiring no customer action. The Azure AD Graph API has been officially deprecated and retired as of August 31, 2025.

Senator Wyden calls for FTC probe into Microsoft's alleged ransomware-related cybersecurity negligence

U.S. Senator Ron Wyden has called for an FTC investigation into Microsoft's alleged cybersecurity negligence, which he claims enabled ransomware attacks on U.S. critical infrastructure, including healthcare networks. The call follows a ransomware attack on Ascension, a healthcare system, which resulted in the theft of personal and medical information of nearly 5.6 million individuals. The attack was attributed to the Black Basta ransomware group and exploited insecure default settings in Microsoft software. The breach occurred in May 2024 when a contractor clicked on a malicious Bing Search result in Microsoft Edge, leading to a Kerberoasting attack. Attackers used Kerberoasting to extract encrypted service account credentials from Active Directory, leveraging the vulnerabilities in RC4. Wyden's letter to the FTC highlights Microsoft's continued support for RC4, an outdated encryption standard, and its failure to enforce secure password policies for privileged accounts. Microsoft has acknowledged the issues and plans to deprecate RC4 in future updates, but Wyden argues that these measures are insufficient to protect against ongoing threats.