At Task Systems Limited, we continuously monitor key industry changes to ensure our customers remain secure and informed. Microsoft has introduced several significant security updates for Azure, focusing on enhancing user authentication, managing unused subscriptions, and providing better access to compliance data through a new API. These changes are critical for maintaining the integrity and safety of your Azure environments. Below, we break down the essential details of these updates and what they mean for your business.
1. Mandatory Multi-Factor Authentication (MFA) for Azure Portal Logins
With rising cybersecurity threats, securing user credentials is more critical than ever. Starting October 2024, Microsoft will enforce Multi-Factor Authentication (MFA) for all users signing into the Azure portal.
What does this change mean for you?
Each user will now be required to provide two forms of identification when logging into the Azure portal. In addition to the usual password, users must verify their identity with a secondary method such as a code sent via SMS, email, or a push notification from an authentication app like Microsoft Authenticator or Google Authenticator.
This mandatory MFA requirement adds a critical layer of protection, helping to mitigate the risks associated with compromised passwords. As businesses handle more sensitive data online, this security enhancement will safeguard your Azure resources from unauthorized access.
Why is this important? Passwords alone are no longer considered adequate in protecting accounts from cyberattacks, such as phishing or credential stuffing. By adopting MFA, Microsoft is addressing a significant gap in user security, ensuring that even if passwords are compromised, unauthorized users cannot access your Azure account without completing the second authentication step. It’s a simple, yet highly effective measure to protect your digital infrastructure.
2. Automated Removal of Unused Azure Subscriptions
Unused and inactive accounts present a security risk. Starting November 2024, Microsoft will begin blocking and eventually deleting Azure subscriptions that have shown no usage or activity for more than 12 months.
What does this mean for you?
If a subscription has remained unused for over a year, Microsoft will issue a notification informing account holders that the subscription will be blocked after 30 days if no action is taken.
Once blocked, you will no longer be able to perform actions associated with the subscription. However, there is still an opportunity to reactivate it—by submitting a support request to Microsoft if you purchased the subscription directly, or by contacting your partner (if the subscription was acquired through a partner).
If no further activity occurs within 90 days of the block, the subscription will be permanently deleted.
This automated process ensures that dormant accounts don’t pose a security risk or lead to unnecessary resource consumption. It also helps businesses avoid clutter in their Azure environments, promoting more efficient and secure management of resources.
Key takeaway: To avoid disruptions, ensure that your Azure subscriptions are actively managed. If a subscription is still valuable, make sure to log activity or resolve any pending issues before the block and deletion deadlines.
3. Introducing the Security Requirements API: Enhanced Compliance and Security Automation
In an effort to improve transparency and offer greater control over security compliance, Microsoft will soon release a Security Requirements API. This new feature provides partners with direct access to security compliance data, creating opportunities for automation and better security management.
What does this mean for you?
The Security Requirements API will give you the tools to automate compliance monitoring, allowing easier access to real-time security performance metrics.
By using this API, businesses can quantify their security measures and ensure compliance with industry standards, reducing manual workloads and human errors associated with security audits.
The API provides a centralized and automated way to track your security posture, allowing you to address vulnerabilities more quickly and stay ahead of regulatory requirements.
Why this matters: Managing security in today’s digital landscape requires constant vigilance. The Security Requirements API will provide actionable insights, helping businesses maintain the highest levels of compliance while minimizing risks.
How Can Task Systems Limited Support Your Business?
At Task Systems Limited, we’re committed to ensuring that our clients have the knowledge and resources to stay ahead of crucial updates. Whether you need assistance implementing MFA for your team, managing Azure subscriptions, or understanding how to leverage the new Security Requirements API, we are here to guide you every step of the way.
These updates are designed to safeguard your business against emerging threats and streamline your cloud management processes. Don’t wait until the changes take effect—act now to ensure your systems are compliant and prepared for the future.
Need assistance?
📧 Contact us at engage@tasksystems.com for expert guidance on how these updates will affect your organization and how you can take full advantage of these new security features.