MFA Enforcement - Oct. 15, 2024

Question

Per the Microsoft notification, MFA will be required for all users signing into Azure starting Oct. 15th. We currently utilize a third party SSO process with MFA for access to these services.

Looking over the documentation it mentions adding an external authentication method in Entra ID. However, the fields outlined in the documentation don't exist in our third party tool. Is there anything that need to be done?

"Multifactor authentication will be required for all users signing into Azure. The rollout will begin on October 15, 2024, beginning with the Azure portal, Entra admin center, and Intune admin center. View up-to-date information about Azure multifactor authentication enforcement: aka.ms/mfaforazure Action required

1. Verify that all portal and admin center users have set up multifactor authentication. Instructions for verification are at aka.ms/mfaforazure. If all users have set up multifactor authentication, no further action is required.
2. Set up multifactor authentication for portal users who do not have multifactor authentication. Instructions are at aka.ms/mfaforazure.
3. If you need to postpone the enforcement date for your tenant to March 15, 2025:
4. Assign yourself elevated access to all Azure subscriptions and management groups in your directory. Instructions for elevated access are at aka.ms/enableelevatedaccess.
5. Return to this page and select Postpone enforcement.
   1. We recommend that you remove your elevated access. Instructions for removing access are at aka.ms/removeelevatedaccess."

Answer 1

Hello @Joe Gilligan,

Thank you for posting your query on Microsoft Q&A.

As you may already know, Microsoft has announced that starting October 15, 2024, MFA will be enforced for sign-ins to the Azure portal , Entra portal and Intune portal as part of Phase 1.

If you are using a third-party MFA provider for second-factor authentication and have configured it through the Conditional Access Custom Controls preview, this will not satisfy the new MFA requirements. You should migrate to the external authentication methods (EAM) preview to continue using your external solution with Microsoft Entra ID.

If you haven't configured your MFA through the external authentication methods preview, please contact your MFA provider and ask them to configure their application according to the requirements outlined in the following documentation:

Microsoft Entra multifactor authentication external method provider reference (Preview)

Once they have made the necessary changes and are satisfied with the flow, you can configure and manage the external authentication method in Microsoft Entra ID by creating an EAM in the admin center.

Manage an external authentication method in Microsoft Entra ID (Preview)

If your third-party MFA provider does not support external authentication methods (EAM) in Microsoft Entra ID, once Microsoft enforces the MFA mandates for the Azure Portal, Entra Portal, and Intune Portal, users will be prompted to register for Azure MFA if an EAM is not configured.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Thanks,
Raja Pothuraju.

Answer 2

You should probably talk to your 3rd party MFA vendor about how to handle this. Im sure you arent the only customer with questions.

Answer 3

HI, what if I need to exclude my tenant ID from the MFA, will there be another extended time past March 2025 ?