Enabling multi-factor authentication for the Azure portal

Question

Is it possible to enable multi-factor authentication for getting access to the Azure portal, https://portal.azure.com?

I know there is an MFA server resource in Azure itself, but my understanding is that this is for Azure hosted applications/resources. I initially want to enable MFA for getting access to the portal itself, before setting it up for the different resources themselves in Azure.

Answer 1

EDIT: The feature I originally mentioned has been replaced by Security Defaults, which includes requiring that all users register for MFA (but non-admin users don't necessarily have to use it), and requires admin users to use MFA. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

Old response: There is currently a feature in preview offering a baseline policy to apply MFA to the Azure Portal (and PowerShell and CLI). https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection#require-mfa-for-service-management-preview

This is applicable even at the free level of AAD.

Answer 2

Yes, you can.

For example here they say

Add protection for Azure administrator accounts

Multi-Factor Authentication adds a layer of security to your Azure administrator account at no additional cost. When turned on, you need to confirm your identity to spin up a virtual machine, manage storage, or use other Azure services.

Here is one of step-by-step guides.

UPD Feb 2019

Azure is constantly evolving, so many answers and related articles quickly become outdated.

As it is now, MFA is not a free option. I would start reading this Microsoft page for details, in particular:

Multi-Factor Authentication comes as part of the following offerings:

• Azure Active Directory Premium licenses
  • Azure MFA Service (Cloud)
  • Azure MFA Server
• Multi-Factor Authentication for Office 365
• Azure Active Directory Global Administrators