Microsoft 365 Admins Must Use MFA or Lose Access in 2026

Microsoft announced that it will enforce multi-factor authentication (MFA) for all Microsoft 365 admin center sign-ins beginning February 9, 2026. After that date, admins who do not have MFA enabled will lose access to Microsoft 365 administrative portals.

The requirement applies to key admin center URLs, including portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com. According to Microsoft, the move strengthens account security by adding a critical protection layer beyond passwords.

Why Microsoft Is Making MFA Mandatory

Microsoft says MFA dramatically reduces the risk of account compromise. By requiring an additional verification step, MFA helps stop:

• Phishing-based account takeovers
• Credential stuffing attacks
• Brute-force password attempts
• Password reuse exploits across services

With MFA in place, attackers cannot access admin accounts using stolen credentials alone.

What Admins Need to Do Now

Microsoft urges administrators to enable MFA as soon as possible to avoid disruptions to administrative access and daily operations.

Global administrators can set up MFA using Microsoft’s built-in setup wizard or follow the official Microsoft documentation. Individual users can also review and manage their security settings through the Microsoft MFA setup portal.

Part of a Broader Security Push

This change does not come out of nowhere. Microsoft has already enforced MFA on the Azure Portal for all tenants since March 2025. The company also extended MFA requirements to tools such as Azure CLI and PowerShell as part of its wider security strategy.

With its in-scope by default approach, Microsoft aims to eliminate common vulnerabilities and reduce exposure to large-scale exploits targeting admin accounts.

Are you already using MFA for your admin accounts? Let us know in the comments.

Via BleepingComputer