Microsoft Azure will require multi-factor authentication for all forms of Azure access starting October 2025. This step is part of the planned second phase of the rollout.
From October 1, 2025, Azure will implement the second phase of mandatory multi-factor authentication (MFA), as stated by Microsoft on its support page. Users will now need to authenticate using MFA to perform resource management actions via clients, such as Azure CLI, PowerShell, or APIs.
Second Phase
Microsoft began mandating MFA for sign-ins to Azure Portal and related management centers in March 2025. That first phase has now been fully rolled out. The second phase begins in October. It focuses on users who perform Azure resource management via clients such as Azure CLI, PowerShell, the mobile app, REST APIs, SDKs, and Infrastructure as Code tools.
The requirement is being gradually introduced through Azure Policy. Microsoft has already sent notifications to global administrators of Azure tenants via email and Azure Service Health.
Preparation
Organizations must activate MFA for all users working with Azure resources before October 1. Workload identities, such as service principals and managed identities, are exempt from this requirement.
Furthermore, Microsoft recommends using the latest versions of Azure CLI (v2.76 or higher) and PowerShell (v14.3 or higher). This ensures users have the best compatibility.
Customers can assess the impact of this change in advance by enabling built-in Azure Policy definitions. This allows them to test whether users without MFA lose access to management tasks. Organizations can also apply this enforcement gradually to specific regions or resource types.