Multifactor authentication (MFA) is where 2 or more verification processes are performed before security access is granted.  Single factor authenticaion is usually just the password alone (and much weaker control than MFA).  The Microsoft Azure cloud now requires all Administrator accounts to be set with MFA controls, by default which is a much stronger control than passwords alone.

Microsoft is bringing multifactor authentication (MFA) to organizations that manage Azure Active Directory tenancies.  The idea is to make MFA a “baseline policy” for all organizations with Azure AD account administrators. MFA is a secondary identity verification scheme beyond using a password. It typically might entail answering an automated cell phone call or responding to a text message before granting access.

On Friday, Microsoft announced that it is previewing MFA for protecting “privileged Azure AD accounts.” By privileged accounts, Microsoft is referring to the IT pro administrator user accounts that an organization uses to manage Microsoft’s identity and access management service. The preview currently can be accessed within the Azure Portal by going to the Conditional Access blade. There’s an option in there to turn on the baseline policy and “Require MFA for administrators.” The interface lets organizations specify which Azure AD administrators will be subject to using MFA. The options include:

1.Global administrator
2.SharePoint administrator
3.Exchange administrator
4.Conditional access administrator
5.Security administrator