Azure MFA for subscription admin

Question

I think it's crazy to have one account with access to delete our entire hosting environment with all our clients' projects. Given that, I need to secure this one account as much as possible.

I know it's possible to enable Multi Factor Authentication for Azure accounts. I would like to do so for our Azure subscription admin account. However, it is listed in the directory as "Sourced From" = "Microsoft account" and when I go to enable MFA, the "Enable" link is not present for this account and the checkbox next to the user is greyed out.

My other directory users which are listed as "Sourced From" = "Microsoft Azure Active Directory" do have the option to enable MFA. Is there any way then, that I can enable it for my subscription admin as well?

Jack Zeng Jack Zeng · Accepted Answer · 2016-05-17T00:59:51

I am guessing that, your Azure subscription admin account is a Live id. Azure MFA is for your organization accounts in that Azure AD only (account from other Azure AD will not work either). You are not able to enable MFA for a Live account you add to your Azure AD.

However, you can enable Two-step verification to your Live ID.

Go to https://account.live.com/proofs/Manage, and login as your subscription admin account.
Scroll down a little bit, you will see the Two-step verification.

Click Set up two-step verification, and follow the hint to setup the Two-step verification.

The Two-step verification is exactly like MFA. And, it's able to enhance security for your account.

Azure MFA for subscription admin

2 Answers