HomeWinBuzzer NewsMicrosoft Enhances Windows Update Options, Details Azure MFA Mandate

Microsoft Enhances Windows Update Options, Details Azure MFA Mandate

Administrators are encouraged to enable MFA within their tenants using the MFA wizard for Microsoft Entra.


has introduced new measures to provide administrators with greater control over . The Windows Update for Business deployment service, which will be generally available by May 24, allows feature updates to be offered as optional rather than mandatory. This change marks a shift from the previous system where updates were enforced, leading to forced restarts after a set period.

Optional Feature Updates

Under the new system, administrators can present feature updates as optional, giving users the autonomy to decide when to install them. However, if necessary, administrators retain the ability to mandate updates by marking them as required. This adjustment aims to streamline the management of Windows devices, making it easier for IT professionals to handle updates.

Microsoft has also clarified its upcoming requirement for multi-factor authentication (MFA) for Azure users. An initial announcement on May 14 caused confusion among administrators, particularly concerning service accounts and specific scenarios such as schools where phone use is restricted.

Detailed MFA Requirements

Microsoft analyst Mary Jo Foley highlighted further details provided by Naj Shahid, an Azure Principal Project Manager. Shahid explained in a comment that the MFA requirement will apply to users accessing the Azure portal, CLI, PowerShell, or Terraform for resource administration. However, service principals, managed identities, workload identities, and similar token-based accounts used for automation are exempt from this requirement.

Starting in July 2024, Microsoft will begin enforcing MFA for all users signing into the Azure portal. Following this, the policy will extend to CLI, PowerShell, and Terraform. The company will communicate specific rollout dates through official emails and notifications. This initiative aims to enhance account security by requiring multiple verification methods, thereby reducing the risk of unauthorized access and data breaches.

supports various MFA methods, including the Microsoft Authenticator app, Windows Hello for Business, SMS, voice calls, and hardware tokens. Administrators can use Entra ID Conditional Access policies to customize MFA requirements based on user location, device, role, or risk level.

Administrators are encouraged to enable MFA within their tenants using the MFA wizard for Microsoft Entra. They can monitor user registration for MFA through the authentication methods registration report. Additionally, a PowerShell script is available to generate a report showing the MFA status for all end users.

Implementation and Customer Feedback

Microsoft is actively seeking customer feedback on specific scenarios, including break-glass accounts and special recovery processes. While any supported MFA method can be used, opting out of MFA will not be possible. An exception process will be available for cases where no other workaround exists. Although the enforcement rollout will be gradual, Shahid emphasized the importance of setting up MFA as soon as possible.

Markus Kasanmascheff
Markus Kasanmascheff
Markus is the founder of WinBuzzer and has been playing with Windows and technology for more than 25 years. He is holding a MasterĀ“s degree in International Economics and previously worked as Lead Windows Expert for Softonic.com.

Recent News