WHO WE ARE
- - - IT CONSULTANT & MANAGED SERVICE PROVIDER
      At Netrix Global, we are passionate about solving problems through technology. Whether you need our experts to consult on how best to leverage your existing resources, extend the capabilities of your team to complete a specific project, or manage your environment 24x7, we can step in whenever and however you need us to. Our Approach
  - - AN EXTENSION OF YOUR TEAM
      Netrix Global is a team of some of the most accomplished engineers, solution architects, and service professionals in the industry. We believe we are an extension of your business, so it's important that you know who you'll be working with. See who makes up our team of experts. MEET OUR EXPERTS
EXPERTISE
SERVICES
- - - ADVISE. DEPLOY. RUN
      
      Our approach to delivering results focuses on a three-phase process that includes designing, implementing, and managing each solution. We'll work with you to integrate our teams so that where your team stops, our team begins.
      OUR APPROACH
  - - PROFESSIONAL SERVICES
      Design modern IT architectures and implement market-leading technologies with a team of IT professionals and project managers that cross various areas of expertise and that can engage directly with your team under various models.
      OUR PROJECTS
  - - MANAGED SERVICES
      With our round-the-clock Service Desk, state-of-the-art Technical Operations Center (TOC), vigilant Security Operations Center (SOC), and highly skilled Advanced Systems Management team, we are dedicated to providing comprehensive support to keep your operations running smoothly and securely at all times.
      OUR SERVICES
KNOWLEDGE BASE
RESOURCES

Author Name: Chris Clark

BLOG ARTICLE

How to Prepare Your Automations and Service Accounts for Microsoft’s Phase 2 MFA Enforcement

Author Name: Chris Clark

Microsoft’s mandatory multifactor authentication (MFA) enforcement is entering Phase 2 on October 1, 2025. If your organization hasn’t requested an extension through the Entra portal, MFA will be automatically required for:

Azure portal
Microsoft Entra admin center
Azure CLI
Azure PowerShell
Azure mobile app
Infrastructure as Code (IaC) tools
REST API (Control Plane)
Azure SDKs

This change is critical for security, but it can disrupt operations—especially for organizations that rely on service accounts and automations. Let’s break down why this matters and how to prepare.

Why Service Accounts and Automations Are at Risk

Traditionally, Conditional Access (CA) policies allow administrators to exclude service accounts and automation scripts from MFA. That flexibility disappears with Phase 2.

Starting October 1, MFA will apply across all accounts, regardless of exclusions. This puts at risk:

Deployment scripts using PowerShell or CLI
IaC pipelines (Terraform, Bicep, ARM templates)
Third-party tools or integrations using service accounts
Custom applications authenticating through Azure SDKs

Without preparation, organizations may face failed deployments, broken automations, and downtime.

Step 1: Inventory and Assess Current Usage

The first step is understanding your exposure.

Identify all service accounts used in Azure CLI, PowerShell, REST APIs, and IaC tools.
Map dependencies: Which applications or teams rely on these accounts?
Check for credentials: Are usernames and passwords hardcoded into scripts?
Ask the big question: What happens if MFA suddenly blocks this account?

This assessment will reveal where modernization is needed most urgently.

Step 2: Move to Modern Authentication Options

Microsoft’s recommended approach is to transition away from service accounts with passwords. Better options include:

Managed Identities
- Ideal for resources already running in Azure (VMs, Functions, Logic Apps).
- Eliminates credential management.
Workload Identities
- Purpose-built for non-human accounts.
- Supports modern authentication without MFA interruptions.
Service Principals with Certificates or Secrets
- Still usable, but less secure than Managed or Workload Identities.
- Best treated as a temporary bridge, not a long-term solution.

Selecting the right approach depends on where and how your automations run.

Step 3: Update and Test Your Automations

Once you’ve identified and transitioned accounts, update scripts and pipelines:

For Azure CLI, switch to az login –identity when using Managed Identities.
Update IaC tools (Terraform, Bicep, ARM templates) to leverage modern authentication flows.
Validate PowerShell modules against MFA enforcement.
Run tests in pre-production to catch issues before October 1.

Document the changes so future automations don’t fall back to outdated methods.

Step 4: Plan for Exceptions or Postponement

Some environments are simply too complex to modernize in a short timeframe. Microsoft allows organizations to request a postponement of Phase 2 enforcement until July 1, 2026.

This option must be requested in the Entra portal.
It buys time, but it should not be treated as a permanent workaround.
Use the extension window to modernize service accounts and eliminate hardcoded credentials.

The Security Advantage of Acting Now

This isn’t just about compliance—it’s about protection. After a breach, attackers often turn to tools like Azure CLI and PowerShell to expand access. By requiring MFA, you close off common attack paths and significantly reduce the blast radius of a compromise.

Moving to Managed or Workload Identities also improves security by removing the risks of passwords and secrets being exposed.

How Netrix Global Can Help

Preparing for Phase 2 can feel overwhelming, especially if you have years of automations built on legacy service accounts. Netrix Global can help you make the transition smoothly:

Environment Assessment – We’ll identify which accounts and automations are at risk.
Remediation Support – Our experts help migrate to Managed or Workload Identities and modernize your scripts.
Testing & Validation – We’ll ensure your IaC pipelines, CLI tools, and PowerShell scripts continue to work after MFA is enforced.
Extension Guidance – If you need more time, we’ll help you request and configure a postponement until July 1, 2026.

Don’t wait until October 1 to discover what breaks. Let Netrix Global help you secure your environment and future-proof your automations today.

IT CONSULTANT & MANAGED SERVICE PROVIDER

AN EXTENSION OF YOUR TEAM

CYBERSECURITY

DIGITAL WORKPLACE

CLOUD PLATFORM

ARTIFICIAL INTELLIGENCE

IT STRATEGY

IT SERVICE MANAGEMENT

APPLICATION DEVELOPMENT

DATA STRATEGY

ADVISE. DEPLOY. RUN

PROFESSIONAL SERVICES

MANAGED SERVICES

How to Prepare Your Automations and Service Accounts for Microsoft’s Phase 2 MFA Enforcement

Why Service Accounts and Automations Are at Risk

Step 1: Inventory and Assess Current Usage

Step 2: Move to Modern Authentication Options

Step 3: Update and Test Your Automations

Step 4: Plan for Exceptions or Postponement

The Security Advantage of Acting Now

How Netrix Global Can Help

Let's get problem-solving

FOLLOW US

WHO WE ARE

OUR EXPERTISE

SERVICES

PARTNERS

RESOURCES

WHO WE ARE

OUR EXPERTISE

SERVICES

PARTNERS

RESOURCES