Mandatory MFA in the Microsoft 365 Admin Centre

If you have registered for MFA and added a verification method, you meet the requirements. Visit this page, review your verification methods, and add one if necessary.

Microsoft will gradually introduce this requirement for all users of the Microsoft 365 Admin Centre. You will receive a message in the Message Centre approximately 30 days before enforcement in your tenant. If your organisation has already set up an MFA policy for admins or all users and these users have registered a verification method, no further action is required.

If your Microsoft 365 tenant was created after 22 October 2019, security standards may already be enabled in your organisation. To check this, go to the Microsoft Entra Admin Centre under Identity > Overview > Properties and see if there is a green tick next to 'Your organisation currently uses security standards'.

You will not be locked out of your account and can still access the Microsoft 365 Admin Centre. However, you will be prompted to register for MFA and add a verification method when you try to access the Admin Centre. If a user is locked out, it may be for other reasons.

No. This security measure is important for protecting Microsoft 365 customer organisations and users. MFA is increasingly considered the industry standard for basic security.

No. The MFA requirement currently only applies to users who access the Microsoft 365 Admin Centre. However, Microsoft recommends that all Microsoft 365 users use MFA to protect their accounts and their organisation.

No. These requirements do not currently apply to the use of Microsoft Graph PowerShell or API.

Yes. Emergency access accounts (break-glass accounts) must also use MFA once enforcement begins. We recommend migrating these accounts to passkey (FIDO2) or certificate-based authentication for MFA, as these methods meet the requirements.

Yes. The use of external MFA solutions meets the requirements, provided that the third-party IdP sends an MFA claim to Microsoft Entra ID.

Microsoft allows extensions for customers with complex environments or technical obstacles. Global administrators can postpone the enforcement start date in the Azure Portal.

Important information regarding requests for extensions:

• Global administrators must have elevated access rights before they can change the MFA enforcement start date on this page.
• In multi-tenant organisations, global administrators must perform this action for each individual tenant for which they wish to defer enforcement.
• Renewal requests apply to the Microsoft 365 Admin Centre, the Azure Portal, the Microsoft Entra Admin Centre, and the Microsoft Intune Admin Centre. If you have already submitted a renewal request in the Azure Portal, this renewal also applies to the Microsoft 365 Admin Centre.