Microsoft 365 Admin Portals MFA

🔒 Secure Bits 💡
Microsoft will block access to Microsoft 365 admin portals without MFA. Are you ready?

Microsoft announced that sign-ins to the Microsoft 365 Admin Center will require MFA. 📅 Rollout started Feb 3, 2025, and from Feb 9, 2026 password-only sign-ins will be blocked. Accounts without MFA will simply be denied access.

โš ๏ธ This may sounds obvious โ€” but in many tenants, this will catch many administrators of guard if youโ€™re not prepared.

๐—ช๐—ต๐˜† ๐˜๐—ต๐—ถ๐˜€ ๐—บ๐—ฎ๐˜๐˜๐—ฒ๐—ฟ๐˜€:
๐Ÿ”น Admin portals are one of the highest-value targets in Microsoft 365
๐Ÿ”น A single compromised admin account can lead to tenant takeover, data loss, or persistence
๐Ÿ”น By doing this, Microsoft is removing the last excuse for โ€œweโ€™ll enable MFA laterโ€

๐—ช๐—ต๐—ฎ๐˜โ€™๐˜€ ๐—ฟ๐—ฒ๐—ฎ๐—น๐—น๐˜† ๐—ต๐—ฎ๐—ฝ๐—ฝ๐—ฒ๐—ป๐—ถ๐—ป๐—ด:
๐Ÿ”น MFA will be enforced at sign-in time, not just โ€œrecommendedโ€
๐Ÿ”น Legacy admin habits (password-only, shared admin accounts) will simply stop existing
๐Ÿ”น If you havenโ€™t updated emergency access accounts according to Microsoftโ€™s latest recommendation, they will not be usable

๐—›๐—ผ๐˜„ ๐˜๐—ผ ๐—ฝ๐—ฟ๐—ฒ๐—ฝ๐—ฎ๐—ฟ๐—ฒ (๐—ฑ๐—ผ ๐˜๐—ต๐—ถ๐˜€ ๐—ป๐—ผ๐˜„):

๐Ÿ› ๏ธย ๐—˜๐—ป๐—ณ๐—ผ๐—ฟ๐—ฐ๐—ฒ ๐— ๐—™๐—” ๐—ณ๐—ผ๐—ฟ ๐—ฎ๐—ฑ๐—บ๐—ถ๐—ป๐˜€ ๐—ฒ๐˜…๐—ฝ๐—น๐—ถ๐—ฐ๐—ถ๐˜๐—น๐˜†
โ€ข Spread the word that this is happening amongst other admins
โ€ข Use Conditional Access and target privileged directory roles
โ€ข Require MFA for all admin roles, not just Global Admins

🛡️ Fix your break-glass accounts
• Break-glass accounts should each have a different form of MFA
• Use: FIDO2 security keys, Certificate-based authentication, Software TOTP on FIDO2 key
• A long password alone is not enough anymore
• Quick start: use the Conditional Access template “Require multifactor authentication for Microsoft admin portals” and tailor it to your needs
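
Added example (not part of the original post and not Microsoft's own template code): one way to create a policy equivalent to the “Require multifactor authentication for Microsoft admin portals” template with the Microsoft Graph PowerShell SDK, targeting privileged directory roles beyond Global Administrator and starting in report-only mode. The role list and the policy display name are assumptions to tailor to your tenant.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK and an account
# allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'RoleManagement.Read.Directory'

# Assumption: the privileged roles to cover. Extend this list to every admin
# role in use in the tenant, not just Global Administrator.
$roleNames = @(
    'Global Administrator'
    'Privileged Role Administrator'
    'Security Administrator'
    'Conditional Access Administrator'
    'Exchange Administrator'
    'SharePoint Administrator'
    'User Administrator'
)

# Conditional Access targets roles by role template ID, so resolve the IDs
# from the display names instead of hard-coding GUIDs.
$templates = Get-MgDirectoryRoleTemplate | Where-Object { $_.DisplayName -in $roleNames }
$missing   = $roleNames | Where-Object { $_ -notin $templates.DisplayName }
if ($missing) { throw "Role templates not found: $($missing -join ', ')" }

$policy = @{
    # Assumption: display name chosen for this example.
    displayName   = 'Require MFA for Microsoft admin portals (report-only)'
    # Report-only: sign-ins are evaluated and logged but nothing is blocked yet.
    state         = 'enabledForReportingButNotEnabled'
    conditions    = @{
        clientAppTypes = @('all')
        # Built-in app group that covers the Microsoft admin portals.
        applications   = @{ includeApplications = @('MicrosoftAdminPortals') }
        users          = @{ includeRoles = @($templates.Id) }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Check the report-only results in the sign-in logs for every admin and break-glass account, then switch the policy state to enabled once no account would be locked out.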

⚠️ Test your access
• Validate all admins can access Microsoft 365 portals before enforcement takes effect
• Verify emergency accounts work before you really need them

✅ Treat this change as a forced security hygiene check. If MFA breaks your admin access, the problem isn’t Microsoft, it’s your security posture.

💬 Do you already have MFA-protected admin access and break-glass accounts, or are you still relying on passwords? Let us know.

๐˜ˆ๐˜ถ๐˜ต๐˜ฉ๐˜ฐ๐˜ณ ๐˜ฐ๐˜ง ๐˜ต๐˜ฉ๐˜ฆ ๐˜ฑ๐˜ฐ๐˜ด๐˜ต: Martin Strnad