last sync: 2025-Oct-31 18:22:59 UTC

Users must authenticate with multi-factor authentication to create or update resources

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Users must authenticate with multi-factor authentication to create or update resources
Id: 4e6c27d5-a6ee-49cf-b2b4-d8fe90fa2b8b
Version: 1.0.1
Versioning: Versions supported for Versioning: 2 (1.0.1, 1.0.0-preview); Built-in Versioning [Preview]
Category: General
Description: This policy definition blocks resource create and update operations when the caller is not authenticated via MFA. For more information, visit https://aka.ms/mfaforazure.
Cloud environments: AzureCloud = true; AzureUSGovernment = unknown; AzureChinaCloud = unknown
Available in AzUSGov: Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: Audit; Allowed: Audit, Deny, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: none
Compliance
The following 1 compliance control is associated with this Policy definition 'Users must authenticate with multi-factor authentication to create or update resources' (4e6c27d5-a6ee-49cf-b2b4-d8fe90fa2b8b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 IM-2 Azure_Security_Benchmark_v3.0_IM-2 Microsoft cloud security benchmark IM-2 Identity Management IM-2 Protect identity and authentication system Shared

**Security Principle:** Secure your identity and authentication system as a high priority in your organization's cloud security practice. Common security controls include:
- Restrict privileged roles and accounts
- Require strong authentication for all privileged access
- Monitor and audit high risk activities

**Azure Guidance:** Use the Microsoft Entra security baseline and the Microsoft Entra Identity Secure Score to evaluate your Microsoft Entra identity security posture, and remediate security and configuration gaps. The Microsoft Entra Identity Secure Score evaluates Microsoft Entra ID for the following configurations:
- Use limited administrative roles
- Turn on user risk policy
- Designate more than one global admin
- Enable policy to block legacy authentication
- Ensure all users can complete multi-factor authentication for secure access
- Require MFA for administrative roles
- Enable self-service password reset
- Do not expire passwords
- Turn on sign-in risk policy
- Do not allow users to grant consent to unmanaged applications

Note: Follow published best practices for all other identity components, including the on-premises Active Directory and any third party capabilities, and the infrastructures (such as operating systems, networks, databases) that host them.

**Implementation and additional context:**
What is the identity secure score in Microsoft Entra ID: https://docs.microsoft.com/azure/active-directory/fundamentals/identity-secure-score
Best Practices for Securing Active Directory: https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

n/a link 1
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov
[Preview]: Microsoft cloud security benchmark v2 | e3ec7e09-768c-4b64-882c-fcada3772047 | Security Center | Preview | BuiltIn | unknown
History
Date/Time (UTC ymd) | Change type | Change detail
2025-09-05 17:23:04 | change | Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2025-05-22 17:43:25 | add | 4e6c27d5-a6ee-49cf-b2b4-d8fe90fa2b8b
JSON
api-version=2021-06-01