"Starting February 9, 2026, Microsoft will enforce multi-factor authentication (MFA) for all users who want to access the Microsoft 365 admin center. Administrators without MFA will face login blocks starting next month. The measure is part of Microsoft's strategy against credential-based attacks, which remain a significant attack vector. The company began a soft rollout in February last year, but starting next month, the requirement will be fully enforced for all tenants."
"The enforcement focuses on three specific portals: portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com. The admin center is used to manage tenants, users, and compliance processes. Without MFA, a stolen password gives attackers full access to sensitive company data. High-privilege admin accounts are a popular target for ransomware campaigns that exploit Entra ID weaknesses. Microsoft emphasizes that more than 99.9 percent of compromised accounts lacked MFA, leaving them vulnerable to phishing and password reuse. Legacy setups without tenant-level MFA can completely lock out global admins."
Microsoft will require multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center beginning February 9, 2026, and will block administrators who lack MFA. The enforcement targets three portals: portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com, which manage tenants, users, and compliance. Microsoft cites credential-based attacks and states more than 99.9% of compromised accounts lacked MFA. Global admins can enable tenant-wide MFA via the MFA Wizard and methods like Authenticator push, SMS, or hardware tokens; users can add methods at aka.ms/mfasetup. Legacy tenants without tenant-level MFA risk locking out global admins and downtime if enforcement is postponed.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]