Microsoft enforces MFA on Azure Portal sign-ins for all tenants

📰 1 unique source, 1 article

Summary

Microsoft has enforced multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. This enforcement is part of a broader initiative to enhance security by mitigating the risk of account compromise. The move follows previous warnings and announcements aimed at increasing MFA adoption across Microsoft services. Microsoft will extend MFA enforcement to Azure CLI, PowerShell, SDKs, and APIs in October 2025. This step is crucial for protecting user accounts against cyber threats and aligns with Microsoft's ongoing commitment to security.

Timeline

  1. 05.09.2025 22:32 📰 1 article

    Microsoft completes MFA enforcement for Azure Portal sign-ins

    Microsoft has enforced MFA for Azure Portal sign-ins for all tenants since March 2025. This enforcement is part of a broader initiative to enhance security by mitigating the risk of account compromise. The move follows previous warnings and announcements aimed at increasing MFA adoption across Microsoft services. Microsoft will extend MFA enforcement to Azure CLI, PowerShell, SDKs, and APIs in October 2025.

Similar Happenings

Axios Abuse and Salty 2FA Kits in Microsoft 365 Phishing Campaigns

Threat actors are leveraging HTTP client tools like Axios and Microsoft's Direct Send feature to execute advanced phishing campaigns targeting Microsoft 365 environments. These campaigns have demonstrated a 70% success rate, bypassing traditional security defenses and exploiting authentication workflows. The attacks began in July 2025 and have targeted executives and managers in various sectors, including finance, healthcare, and manufacturing. The phishing campaigns use compensation-themed lures to trick recipients into opening malicious PDFs containing QR codes that direct users to fake login pages.

Additionally, a phishing-as-a-service (PhaaS) offering called Salty 2FA is being used to steal Microsoft login credentials and bypass multi-factor authentication (MFA). The Salty2FA kit includes advanced features such as subdomain rotation, dynamic corporate branding, and sophisticated evasion tactics to enhance its effectiveness and evade detection. Salty2FA activity began gaining momentum in June 2025, with early traces possibly dating back to March–April 2025. The campaigns have been active since late July 2025 and continue to this day, generating dozens of fresh analysis sessions daily. Salty2FA targets industries including finance, energy, telecom, healthcare, government, logistics, IT consulting, education, construction, chemicals, industrial manufacturing, real estate, consulting, metallurgy, and more.