Microsoft announced Friday that they are changing their policy for high-privileged Azure AD accounts and will soon enable multi-factor authentication by default. The MFA roll-out will be part of Microsoft’s security “baseline policy” the purpose being greater security. Right now, MFA (enabled by default) for administrator accounts has not yet reached the general availability phase but will eventually make it’s way to everyone. Just to be clear, administrators can manually turn off multi-factor authentication if they wish but that Microsoft’s policy, once in general availability, will turn this on for all administrator accounts and prompt your admin’s to setup MFA.
How to Enable MFA in Azure AD
Those of you that wish to get ahead of the game can manually enable MFA on their admin accounts prior to this settings change so that it doesn’t cause mass chaos.