Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft 365 admin center MFA enforcement

Advisory/Mitigation
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft will enforce multi-factor authentication (MFA) for Microsoft 365 admin center sign-ins starting February 9, 2026, blocking administrators who have not enabled MFA. The policy applies to portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com. Microsoft says the change will reduce account compromise risk and help stop phishing and credential stuffing attacks. Organizations that miss the deadline may face access disruptions to administration and management functions.

Related Happenings

Microsoft Teams admin policy adds approval-based control for third-party bots

Security Tool/Service
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...

Microsoft Teams third-party bot approval controls for meeting social-engineering risk

Defensive Guidance
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...

Microsoft My Sign-Ins MFA outage

Service Disruption
H score25 First: 01.06.2026 14:40 Last: 01.06.2026 14:40 Sources 1

About this happening: **Microsoft** is dealing with an **ongoing outage** that is blocking some users from setting up **multi-factor authentication (MFA)** and accessing **My Sign-Ins**. Affected users...

Azure Backup for AKS Trusted Access permission tightening

Security Patch Release
H score8 First: 16.05.2026 23:55 Last: 16.05.2026 23:55 Sources 1

About this happening: **Microsoft** appears to have silently tightened **Azure Backup for AKS**, closing a **Trusted Access** authorization path that could let a low-privileged role reach **cluster-adm...

KongTuke Microsoft Teams initial access campaign

Campaign
H score42 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

Timeline

  1. 08.01.2026 14:10 2 articles · 6mo ago

    Microsoft announces MFA enforcement for Microsoft 365 admin center

    Initial Disclosure

    Microsoft announced that it will enforce multi-factor authentication (MFA) for all Microsoft 365 admin center sign-ins starting February 9, 2026, blocking administrators without MFA from portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com. Microsoft said the change is meant to reduce account compromise risk and prevent unauthorized access to Microsoft 365 administrative functions.

    Show sources
  2. 08.01.2026 14:10 1 articles · 6mo ago

    MFA enforcement goes live for Microsoft 365 admin center

    Mitigation Patch Update

    Microsoft begins enforcing MFA for Microsoft 365 admin center sign-ins on February 9, 2026, requiring MFA for all users and blocking sign-ins without MFA on portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com. Organizations that have not enabled MFA before the deadline face access disruptions to Microsoft 365 administrative access.

    Show sources