Microsoft Mandates MFA for Microsoft 365 Admin Center Access

[harlan4096]

Microsoft is tightening security for its cloud customers by making multi-factor authentication mandatory for anyone accessing the Microsoft 365 admin center, effectively ending password-only logins for high-privilege admin portals.  

The enforcement will fully kick in on February 9, 2026, following a phased rollout that began in early 2025. 

Deadline and enforcement scope

Under the new policy, admin users who do not have MFA enabled will be blocked from signing into the Microsoft 365 admin center after the deadline, forcing organizations to configure strong authentication or risk operational disruption.  

Enforcement covers three core admin endpoints: portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com, which are used to manage tenants, users, security, and compliance settings. 

Because these portals grant broad control over Microsoft 365 environments, a single compromised password without MFA can give attackers “god-like” access to emails, files, identity settings, and audit logs. 

Microsoft notes that legacy tenants that have never enabled MFA at the organization level could see global admins locked out if they fail to prepare. 

Continue Reading...