26.12.2025
2 min
427
Microsoft has announced that starting February 9, 2026, multi-factor authentication (MFA) will become mandatory for all users accessing the Microsoft 365 admin center. Accounts without MFA enabled will be blocked from signing in, potentially disrupting IT operations.
The enforced MFA requirement will apply to all major Microsoft 365 administrative portals, including admin.microsoft.com, admin.cloud.microsoft, and portal.office.com/adminportal/home, which administrators use to manage users, licenses, and services.
Microsoft says the move is designed to strengthen protection for administrator accounts, which are among the most valuable targets for attackers. According to the company, MFA significantly reduces the risk of account compromise and helps prevent unauthorized access caused by phishing, brute-force attacks, credential stuffing, and password reuse.
Microsoft also urged global administrators to review and enable MFA immediately to avoid losing access to critical administrative functions once the policy takes effect. MFA can be configured using Microsoft’s setup wizard or official documentation, while individual users can review and add authentication methods via the MFA setup portal.
This decision builds on Microsoft’s broader security strategy. MFA has been required for Azure Portal sign-ins since March 2025, and since October 2025, it has also been enforced for Azure CLI, PowerShell, SDKs, and APIs.
A Microsoft study published in November 2023 revealed that 99.99% of attacks against MFA-protected accounts fail. Even when credentials are compromised, MFA reduces the likelihood of account takeover by more than 98%, making it one of the most effective account security measures available.
Making MFA mandatory for the Microsoft 365 admin center is a critical step toward securing enterprise environments. Organizations that fail to prepare in advance risk losing access to essential administrative tools at a crucial time.
