Share via

Action required: Enable multifactor authentication for your tenant by 1 October 2025

Nalini Bhavaraju 190 Reputation points
2025-09-02T20:20:23.22+00:00

Hi Team,

We are using Azure data Factory to connect to external vendor sources like SQL server, API, Snowflake database etc., in order to collect data into Azure Data lake Storage. I would like to make sure if the below update effects any of the flows/pipelines.

"

|Action required: Enable multifactor authentication for your tenant by 1 October 2025You’re receiving this notification because you’re a global administrator for the tenant listed at the bottom of this email.

To further increase your security, we’ll require users to sign in using multifactor authentication (MFA) before performing any resource management actions in Azure starting 1 October 2025. To take advantage of the extra layer of protection MFA offers, we recommend enabling MFA for users as soon as possible.

Because enforcement applies at the resource management layer, any services or clients that depend on the Azure management API are in scope, including Azure CLI, Azure PowerShell, the Azure mobile app, Azure SDKs, IaC tools, and Resource Manager REST API endpoints.

To understand the potential impact, you can apply a built-in Azure Policy definition in audit or enforcement mode.

If you don’t take action before 1 October 2025, your users will be required to set up MFA before performing any resource management actions in Azure.

If you can’t enable MFA for your users by 1 October 2025, you’ll need to postpone your tenant’s enforcement date.Required action·    To ensure your users can perform resource management actions, enable multifactor authentication (MFA) by 1 October 2025.·    To identify which users in your environment are set up for mandatory MFA, follow these steps.·    For the best compatibility experience, ensure users in your tenant are using Azure CLI version 2.76 and Azure PowerShell version 14.3 or later.·    If you can’t enable MFA by 1 October 2025, postpone your enforcement date through the Azure portal.Help and supportIf you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, open the Azure portal and select the question mark icon at the top of the page.

Learn more about service retirements that may impact your resources in the Azure Retirement Workbook. Please note that retirements may not be visible in the workbook for up to two weeks after being announced.

Please help us improve our communication by telling us what you think about this email in a survey.Action required: Enable multifactor authentication for your tenant by 1 October 2025_You’re receiving this notification because you’re a global administrator for the tenant listed at the bottom of this email._ To further increase your security, we’ll require users to sign in using multifactor authentication (MFA) before performing any resource management actions in Azure starting 1 October 2025. To take advantage of the extra layer of protection MFA offers, we recommend enabling MFA for users as soon as possible. Because enforcement applies at the resource management layer, any services or clients that depend on the Azure management API are in scope, including Azure CLI, Azure PowerShell, the Azure mobile app, Azure SDKs, IaC tools, and Resource Manager REST API endpoints. To understand the potential impact, you can apply a built-in Azure Policy definition in audit or enforcement mode. If you don’t take action before 1 October 2025, your users will be required to set up MFA before performing any resource management actions in Azure. If you can’t enable MFA for your users by 1 October 2025, you’ll need to postpone your tenant’s enforcement date.Required action·    To ensure your users can perform resource management actions, enable multifactor authentication (MFA) by 1 October 2025.·    To identify which users in your environment are set up for mandatory MFA, follow these steps.·    For the best compatibility experience, ensure users in your tenant are using Azure CLI version 2.76 and Azure PowerShell version 14.3 or later.·    If you can’t enable MFA by 1 October 2025, postpone your enforcement date through the Azure portal.Help and supportIf you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, open the Azure portal and select the question mark icon at the top of the page. Learn more about service retirements that may impact your resources in the Azure Retirement Workbook. Please note that retirements may not be visible in the workbook for up to two weeks after being announced. Please help us improve our communication by telling us what you think about this email in a survey.""

Thanks,

Nalini Bhavaraju.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-09-08T03:10:27.3166667+00:00

    Hi Nalini Bhavaraju,

    Thanks for the detailed follow-up.

    You've described for your Azure Data Factory (ADF) linked services and the use of Managed Identity for Key Vault access, your pipelines should not be directly impacted by the upcoming MFA enforcement starting 1 October 2025 because;

    • ADF Managed Identity is enabled (System Assigned: ON) – This allows ADF to securely access resources like Key Vault without needing user credentials, which means no MFA is required.
    • Linked Services use non-interactive authentication methods: SQL/Windows Auth, Snowflake (username/password), API basic auth, SAS tokens, Databricks token – These are executed by ADF services, not by an interactive user, and are unaffected by MFA policies. Passwords and tokens are being securely retrieved from Key Vault using Managed Identity, which is also a best practice.

    MFA Enforcement Does Affect for below scenarios:

    MFA enforcement applies to interactive user operations that involve resource management, such as:

    Creating/modifying Azure resources via Azure CLI, PowerShell, ARM templates, REST API, or the Azure Portal

    Scripted deployments or IaC (Infrastructure as Code) activities run by users

    So, unless your pipelines are dynamically creating or modifying Azure resources during runtime using Azure management APIs, this enforcement will not impact ADF data ingestion/extraction operations.

    Will suggest you double check below;

    • No action needed for ADF pipelines themselves.
    • Ensure admin users who manage Azure resources (via CLI/PowerShell) have MFA enabled before the deadline.
    • Audit any scripts or DevOps processes that perform resource management actions using user credentials – consider switching to service principals or managed identities for automation, which aren't subject to MFA.

    Hope this helps to clarify your queries.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it.

    Regards,

    Monalisha

    Was this answer helpful?

  2. Nalini Bhavaraju 190 Reputation points
    2025-09-05T14:04:23.56+00:00

    Hi Monalisha,

    Thanks for the response.

    For the Key vaults used in the ADF Linked services - I have Key vault as Managed Identity and ADF settings, Managed Identities --> System Assigned Status is ON

    In the Linked Services, I have different linked services mapped to different types of Authentication -

    1. windows authentication
    2. SQL authentication
    3. snowflake basic authentication with username and password (key vault password)
    4. Rest API - basic authentication
    5. Account key and SAS URI - for azure data lake and blob storage
    6. Databricks - Access Token Authentication

    Please suggest the impact.

    Thanks,

    Nalini.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.