Find Admin Accounts Accessing Entra & Azure Portals Without MFA Using Workbook. It is recommended to run this exercise before Microsoft enforces MFA for Azure, Entra and Intune portals on Oct 15, 2024.
Is this enforcement available for all tenants or only those who are not using both security defaults and CAP?
I am using CAP to manage users' MFA and this notification/enforcement is not available for my tenant.
In the community article they have just mentioned it will be gradually rolled out for all tenants but it doesn't specify the tenants which are primarily focused in this enforcement.
Hi @7414., Microsoft is going to enforce MFA for accounts which access Entra, Intune and Azure portal. These are normally admin accounts and hence will not affect the normal users in an organization.
If you already have security defaults or have CAP to cover this, you are in good shape. But most often, we exempt certain admin accounts from MFA for whatever business reason. One would be the accounts used in an Azure automation runbook. Yes, ideally you should be using an app (SPN) or managed identity, but not everyone follows this.
Setting up this runbook will only take a few minutes, but will give you a good idea as to whether you have any accounts accessing MS admin endpoints without MFA.
Hope this helps.
@Cloudiffic Thanks for the reply sir 🙏🏻
Will ask our team to start migrating user-based service accounts to service principals.
@7414. Please do, only one more month to go! Do let me know if you have any other questions, thanks.