Microsoft to Mandate MFA for All Microsoft 365 Admin Center Access

Microsoft has announced that it will make multi-factor authentication (MFA) mandatory for all users accessing the Microsoft 365 admin center starting next month. From February 9, 2026, administrators who do not have MFA enabled will no longer be able to sign in to the Microsoft 365 administrative portal. This move is part of Microsoft’s broader effort to strengthen security and protect organizations from growing cyber threats.

Microsoft began rolling out MFA requirements for the Microsoft 365 admin center in February 2025. However, the new update will enforce MFA for all users without exception. Once the change is live, users without MFA can not access the key admin portals, including portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com. These portals are widely used by IT teams to manage accounts, settings, and services within Microsoft 365.

Microsoft to Mandate MFA for All Microsoft 365 Admin Center Access

According to Microsoft, enforcing MFA adds an essential layer of protection beyond traditional password-based security. Passwords alone are no longer enough to protect sensitive systems, as attackers frequently use phishing, credential stuffing, brute-force attacks, and password reuse to gain unauthorized access. MFA helps prevent these attacks by requiring users to verify their identity through an additional step, such as a mobile app notification, text message, or hardware security key.

Microsoft explained that MFA significantly reduces the risk of account compromise and helps safeguard sensitive organizational data. By adding a second verification step, attackers are far less likely to gain access, even if they manage to steal a user’s password. This is especially important for administrative accounts, which have higher privileges and can cause serious damage if compromised.

The company has also urged organizations to act quickly to avoid disruptions. Admins who fail to enable MFA before the February deadline may face sign-in failures, which could interrupt IT operations and delay access to critical management tools. Microsoft recommends that global administrators configure MFA as soon as possible using the Microsoft setup wizard or by following the official guidance provided in Microsoft’s documentation.

Individual users can also review and manage their verification methods through Microsoft’s MFA setup portal. This allows them to add or update authentication options in advance, ensuring a smooth transition once enforcement begins.

See Also: Microsoft Security Update Causes VPN Connection Problems -What’s the Solution?

This announcement follows Microsoft’s earlier security initiatives. Microsoft has enforced MFA for Azure Portal sign-ins across all tenants since March 2025. In addition, Microsoft began enforcing MFA for Azure command-line tools, PowerShell, software development kits (SDKs), and APIs in October 2025. These measures reflect Microsoft’s ongoing strategy to protect user accounts and cloud environments from increasingly sophisticated attacks.

Supporting this approach, a Microsoft study published in November 2023 revealed that 99.99% of accounts protected by MFA successfully blocked hacking attempts. The study also found that MFA reduced the likelihood of account compromise by over 98%, even when login credentials were exposed.

Overall, Microsoft’s decision to enforce MFA for the Microsoft 365 admin center highlights the growing importance of strong security practices. By taking proactive steps now, organizations can reduce risks, protect sensitive data, and ensure uninterrupted access to essential administrative tools.