Multi-factor authentication for the Microsoft 365 admin center will be mandatory from February 9.
Microsoft will enforce multi-factor authentication (MFA) from February 9, 2026, for all users who want to access the Microsoft 365 admin center. Administrators without MFA will be automatically blocked from that date.
The obligation applies to all known management URLs, including admin.microsoft.com, admin.cloud.microsoft and portal.office.com/adminportal/home.
Definitive obligation
The mandatory MFA for the Microsoft 365 admin center was already announced and partially rolled out in February 2025. Without MFA, there is no more access to the administrator portal. According to Microsoft, this is a necessary step to better protect accounts against attacks that exploit weak or reused passwords.
The admin center provides access to user management, licenses, security settings and company data. According to Microsoft, MFA is crucial there. “By adding MFA on top of username and password, organizations significantly reduce the risk of account compromise and prevent abuse via phishing, credential stuffing and brute force attacks,” the tech giant writes in a message.
MFA required
Microsoft warns organizations to take action now. Administrators who have not set up MFA by February will no longer have access to the admin center. Global administrators can activate MFA via the Microsoft 365 setup wizard or via the official documentation. Individual administrators can check and expand their verification methods via the Microsoft MFA portal.