Microsoft enforces tenant-wide MFA for Azure Portal sign-ins
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft has enforced multifactor authentication (MFA) for Azure Portal sign-ins across 100% of Azure tenants, tightening admin access control and reducing takeover risk. The rollout completed in March 2025 after being announced in May 2024. A wider enforcement phase for Azure CLI, PowerShell, SDKs, and APIs is planned for October 2025.
Related Happenings
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Microsoft AiTM payroll pirate attack mitigation
Advisory/MitigationAbout this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Windows Autopatch enables hotpatch security updates by default for eligible devices
Security Tool/Service
First: 11.03.2026 11:15
Last: 11.03.2026 11:15
Sources 1
About this happening:
Microsoft is changing **Windows Autopatch** to enable **hotpatch security updates** by default, speeding security-fix rollout for eligible devices and reducing restart-related del...
Windows Autopatch enables hotpatch security updates by default for eligible devices
Security Tool/ServiceAbout this happening: Microsoft is changing **Windows Autopatch** to enable **hotpatch security updates** by default, speeding security-fix rollout for eligible devices and reducing restart-related del...
Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview
Security Tool/Service
First: 10.03.2026 17:27
Last: 10.03.2026 17:27
Sources 1
About this happening:
**Microsoft Entra** is adding **passkey support on Windows devices**, bringing **phishing-resistant passwordless authentication** via **Windows Hello**. The rollout reaches **publ...
Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview
Security Tool/ServiceAbout this happening: **Microsoft Entra** is adding **passkey support on Windows devices**, bringing **phishing-resistant passwordless authentication** via **Windows Hello**. The rollout reaches **publ...
Microsoft Windows Autopatch defaults hotpatch security updates for managed Windows devices
Security Tool/Service
First: 10.03.2026 12:35
Last: 10.03.2026 12:35
Sources 1
About this happening:
Microsoft is making **hotpatch security updates** the default for eligible **Windows devices** managed through **Microsoft Intune** and the **Microsoft Graph API**, reducing resta...
Microsoft Windows Autopatch defaults hotpatch security updates for managed Windows devices
Security Tool/ServiceAbout this happening: Microsoft is making **hotpatch security updates** the default for eligible **Windows devices** managed through **Microsoft Intune** and the **Microsoft Graph API**, reducing resta...
Microsoft 365 device-code phishing defenses for OAuth token abuse
Defensive Guidance
First: 19.02.2026 14:30
Last: 19.02.2026 14:30
Sources 1
About this happening:
Defenders are tightening **Microsoft 365** protections against **device code phishing** and **vishing**, a technique that can hand attackers valid **OAuth tokens** for **Microsoft...
Microsoft 365 device-code phishing defenses for OAuth token abuse
Defensive GuidanceAbout this happening: Defenders are tightening **Microsoft 365** protections against **device code phishing** and **vishing**, a technique that can hand attackers valid **OAuth tokens** for **Microsoft...
Timeline
-
05.09.2025 22:32 1 articles · 8mo ago
Initial report: Microsoft enforces tenant-wide MFA for Azure Portal sign-ins
Initial DisclosureIn **March 2025**, Microsoft completed tenant-wide **MFA enforcement** for **Azure Portal sign-ins**, removing password-only administrative access through the portal.
Show sources
- Microsoft now enforces MFA on Azure Portal sign-ins for all tenants — www.bleepingcomputer.com — 05.09.2025 22:32