What is happening?
Microsoft is requiring MFA for any administrators signing into Azure and other admin portals. There will be two phases to this update:
Phase 1: Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually roll out to all tenants worldwide. This phase will not impact other Azure clients such as Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code (IaC) tools.
Phase 2: Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and IaC tools will commence.
How does this impact Okta?
Phase 1 should have no impact for Okta.
Phase 2 will likely have an impact on Okta M365 SSO and Provisioning integrations.
What actions should I take?
Okta Administrators must change the Office 365 app in Okta to leverage the upgraded integration.
For Single Sign-on (WS-Fed Auto): For any customer who has an Office 365 app in Okta configured with WS-Fed Auto configuration, follow this Guide.
For Provisioning: For any customer who has configured Provisioning for Office 365 (includes Profile Sync, License & Role Management, User Sync, and Universal Sync), follow this Guide.
When do I need to make these updates?
Microsoft has indicated that it will start enforcing MFA for Azure Powershell, Azure CLI, and IaC by early 2025. However, Microsoft has not specified a definitive date. To be proactive and secure our customers, Okta requires that all customers provide consent and leverage the upgraded integrations by December 31, 2024.
Next Steps
If you need assistance with the required changes or have any questions, feel free to book a meeting with Okta partner TechJutsu.
Comments