Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month.
While MFA requirements for the admin center began rolling out in February 2025, Microsoft will now enforce this for all users and block those without MFA enabled from signing in to the Microsoft 365 administrative portal after the change goes live on February 9th, 2026.
This will affect the portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com admin center URLs used by IT administrators to manage Microsoft 365 accounts and services.
Microsoft said that enforcing MFA for all admin center sign-ins adds critical protection beyond standard password security, making it significantly harder for attackers to compromise accounts.
“Implementing MFA in the Microsoft 365 admin center significantly reduces the risk of account compromise, prevents unauthorized access, and safeguards sensitive data,” Microsoft said.
“By adding an extra layer of protection beyond standard username and password authentication, MFA makes it harder for attackers to steal data and prevents unauthorized access from phishing, credential stuffing, brute force, or password reuse attacks.”
Microsoft also urged admins to take immediate action to avoid interruptions to IT operations and administrative functions, as organizations that fail to enable MFA before the February deadline will experience access disruptions when administrators start experiencing sign-in failures.
Global administrators can configure MFA using Microsoft’s setup wizard or by following the official documentation. Individual users can check their verification methods and add authentication options through Microsoft’s MFA setup portal.
Microsoft has also been enforcing MFA for Azure Portal sign-ins across all tenants since March 2025, a change announced in May 2024, when it began requiring MFA for all users signing in to Azure to administer resources. It also started enforcing MFA on Azure CLI, PowerShell, SDKs, and APIs in October 2025 to protect users’ accounts against attacks.
A Microsoft study from November 2023 found that 99.99% of MFA-protected accounts successfully block hacking attempts, and that MFA also reduced the chance of account compromise by 98.56% even when the credentials are compromised.
Whether you’re cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.