What happens if we don't enable multifactor authentication for our tenant by 15 October 2024?

Emil Pettersson 25 Reputation points
2024-09-20T07:42:53.9066667+00:00

Hello, our company recieved an e-mail from Microsoft witht he following message:

Action required: Enable multifactor authentication for your tenant by 15 October 2024 You’re receiving this email because you’re a global administrator for 98b767cb-4831-4417-bebd-a1cec2b605aa Starting 15 October 2024, we will require users to use multifactor authentication (MFA) to sign into the Azure portal, Microsoft Entra admin center, and Intune admin center. To ensure your users maintain access, you’ll need to enable MFA by 15 October 2024. If you can’t enable MFA for your users by that date, you’ll need to apply to postpone the enforcement date. If you don’t, your users will be required to set up MFA. Action required

  • To identify which users are signing into Azure with and without MFA, refer to our documentation.
  • To ensure your users can access the Azure portal, Microsoft Entra admin center, and Intune admin center, enable MFA for your users by 15 October 2024.
  • If you can’t enable MFA by 15 October 2024, apply to postpone the enforcement date.

We are now using Entra Free, and do not seem to have access to the Conditional Access settings that are required to perform this required action of enabling MFA for our users. It seems we would have to upgrade to at least Entra P1 to get access to this. Is that correct?
(according to: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing)

Also the e-mail message says "If you can’t enable MFA for your users by that date, you’ll need to apply to postpone the enforcement date. If you don’t, your users will be required to set up MFA." Is it an option to somehow stay with Entra Free and let our users set up MFA? It is a bit unclear since under "Action Required" the message later states "If you can’t enable MFA by 15 October 2024, apply to postpone the enforcement date." with no mention of users being required to set up MFA.

So we also wonder, what would happen if we do not enable MFA for our users?

Best Regards

Emil Petterson

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,820 questions
{count} votes

1 answer

Sort by: Most helpful
  1. akinbade abiola 17,050 Reputation points
    2024-09-20T08:11:01.53+00:00

    "We are now using Entra Free, and do not seem to have access to the Conditional Access settings that are required to perform this required action of enabling MFA for our users. It seems we would have to upgrade to at least Entra P1 to get access to this. Is that correct? "

    Not necessarily, upgrading gives you granular control. But regardless of your plan MFA is going to be required going forward after the setdate.

    If MFA is not applied by the set date, MFA will be automatically enforced. Since you do not have Conditional Access you could leverage Security defaults as well. If you don’t want to use Security Defaults, you will still be able to have MFA enforced automatically after the deadline, but Security Defaults allow you to proactively meet the requirement.

    You could also choose to postpone enforcement.

    For detailed planning I will recommend you take a look at: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication?source=recommendations

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.