Setting-up MFA: a Microsoft Azure legacy this summer

Setting-up MFA: a Microsoft Azure legacy this summer.

It’s the summer to set-up MFA. With Microsoft beginning rolling out its new MFA policy in July, it’s a topic that’s as hot as a heatwave across the technology landscape. Microsoft is blazing a path towards stronger security for all accounts, but two questions remain. Do users understand why MFA will provide cyber security solutions for them? Do they know how to set-up MFA?

Microsoft Azure

Microsoft Azure is a cloud computing platform that effectively gives its users access to a huge pool of computing resources that Microsoft provides. This means you can use the resources you need without having to purchase physical hardware.

It provides a business resource which is affordable and scalable no matter your business size. You can add resources or remove them as required. It is a comprehensive business tool which has the potential to store large amounts of your business information and your clients’ information.

Why is MFA being enforced by Microsoft?

Updating defences and maintaining good cyber security is part of being a responsible service provider. Microsoft have conducted research into the need for this extra layer of cyber security in their own report titled, How effective is multi-factor authentication at deterring cyberattacks?

The report found three key findings in its research:

  1. 17% of accounts that were “compromised” by cyber-attacks did not have MFA.
  2. Implementing MFA leads to a 99.22% reduction of cyberattack.
  3. In case where private information has already been leaked, the use of MFA leads to a 98.56% reduction in further compromise.

Microsoft’s research highlighted some eye-opening results which have, in part, translated into the roll out of mandatory MFA for Azure users. The impact of MFA on account security was not only being researched by Microsoft.  

Independent MFA findings

Other reports have been released using data gathered from different tests and the results present similar findings:

  • Google actively participated in the Biden Administration’s Symposium focused on strengthening authentication for online security. At this Symposium Google describe MFA as “one of the most effective ways to reduce the risk of significant cyber incidents”.



  • Google released data in 2019 showing that by adding a second level of authentication to accounts you can:
    • Block up to 100% of automated bots
    • Block 99% of bulk phishing attacks
    • Prevent 66% of targeted attacks.


Microsoft’s research is not stand alone. The implementation of multiple levels of authentication is proven time and again to strengthen account security. This is leading to changes in how we are asked to secure and authenticate our online accounts as businesses and individuals.

Government policy

In the UK, the government brought in legislation on 29 April 2024 which mandated businesses to meet a password standard for smart devices connecting to the internet. This law demonstrates the need for stronger account security in a world where we use internet-based devices multiple times in our daily lives. The law was a world-first, an innovative and disruptive policy designed to bring change and security. Microsoft are doing the same and they have a well-publicised initiative which covers this ideology.

Microsoft Secure Future Initiative

In November 2023, Microsoft launched the Microsoft Secure Future Initiative in response to the increasing threat of cyber-attacks. Aiming to strengthen accounts in the face of increasing cyber threats the initiative covers both company practice and products. There policy is built on three pillars or ‘principles’:

  1. Secure by design: designing products with security at the forefront of the design process.


  1. Secure by default: Security is both enabled and enforced with no exception, no extra effort and no option.


  1. Secure operations: Through monitoring and security controls the dynamic nature of cyber threats will be met.


Microsoft seek to develop and continuously improve security to benefit their company and their consumers. The decision to roll-out mandatory MFA this summer directly links to the initiative and to the principle of ‘secure by default’.

The announcement

On 14 May 2024, Microsoft posted this statement on their blog as the formal announcement to customers that MFA would become a mandatory part of account authentication.

As you can see from the screenshot of the news direct from Erin at Microsoft, the rollout begins in July, which shows it will be a process. There are those who have criticised this move saying that users do not have enough time to respond; that change is being sprung on them.

Mandatory MFA is a necessary change to protect users from the increasing threat of having their accounts hacked. This change could save business owners thousands of pounds, save countless hours of time in the event of a breach, and save their business’ reputation. This impact is being overlooked but why?

Time and capital   

The assumption is made that this roll-out will require large amounts of time and capital given the value it brings to account security. The value of time when running a business is high. The allocation of capital for services is often planned for months in advance to prevent unexpected expenditure. It is therefore an unrealistic expectation to achieve Microsoft’s mandatory change in less than 6 weeks in the eyes of most businesses. Unless of course this assumption is false and the roll out is not time intensive or expensive.

MFA is free and easy to do

This security feature will add value to your business both internally and externally and best of all it is free to do so there is no capital expenditure involved. It is easy to do, and MFA can be set-up in less time than it will take to drink a cup of coffee. By following a few simple steps, you can protect your account.

How to set-up MFA?

MFA is an easy and free layer of security that you can set-up on your accounts. MFA set-up is usually a simple process as the MFA set up for Microsoft Azure will show.

MFA set-up for Microsoft Azure

This simple process takes a few minutes to complete in real time.

Step 1: Head to the app store and download the app

If you have an android phone, head to the google play app store. It looks like this:

If you have an Apple phone, head to the apple store. It looks like this:

Step 2: Download the app

The app you need to download looks like this:

Installing this is FREE. It can take a couple of minutes to download.

You now use this app to set-up your account to use MFA.

Step 3: Follow the steps in the app and on screen.

With the app downloaded, accept your ‘digital life’ and follow the steps on screen. You will click through ‘next’ twice until you are asked to link the app with your Microsoft account using a QR code.

The QR code will appear on screen and use the app to scan the code. Do not use the phone camera to do this, use the app. Once scanned you will be asked to allow notifications.

After clicking through you will find a code appear on screen which you enter the app to confirm your identity. Choose your verification method, which can be fingerprint, facial scan or code. Then you’re set up. It’s that easy.

Business FAQs

The account is shared, why do we need MFA?


MFA keeps the hackers out. On a shared account only the people who have been given access should have access and each person will have their own MFA to get in. You don’t want your access point to be the cause of a cyber security breach. If everyone is using MFA the hackers have a harder time getting in. Only the authorised people can get in – shared does mean the same as public.


Can I turn my MFA off? 


No, Microsoft are making the use of MFA mandatory for all Azure users. This is something that is happening on many platforms. The use of MFA is the future. It is not in your best interests to turn off MFA for any of your accounts as this makes you more vulnerable to cyber breaches which could compromise the data you hold.



MFA is going to become the industry standard for accounts in the very near future as more companies adopt the policy of mandatory MFA. The best action for your business is to add MFA to your accounts, whether mandatory or not. As Microsoft roll-out their mandatory MFA this July, and as others follow suit, MFA is a form of account security that is here to stay.

Related Posts