When using/managing/administering Azure, or whatever else you may be doing with it, there are a few different sites that you may have access to. There is the Azure portal, the Classic portal, the EA site, and potential other portals too.
If, in your company, you have access to the EA portal (https://ea.azure.com) though, you have access to the root of everything running in Azure for your organization. If your account details were compromised, a potential attacker could use your credentials to log into the EA site and get access to your departments, accounts and subscriptions. This is a very serious risk, as all your hard work in making sure your Azure resources are secure could mean very little if an attacker gets access to the EA site.
It is highly recommended that any accounts with access to the EA site are secured with Multi-Factor Authentication (MFA) to mitigate this risk.
There is a step-by-step guide on configuring MFA and how to enable it for specific accounts here, https://blogs.technet.microsoft.com/canitpro/2014/08/14/step-by-step-enable-multi-factor-authentication-in-azure/. Unfortunately, it all still needs to be done in the classic Azure portal at present, but I’m sure it will move to the new portal at some point.
To make authentication with MFA enabled as smooth and secure as possible, be sure to use the Microsoft Authenticator app, which is available for iOS, Android and Windows Phone…. Details here, https://docs.microsoft.com/en-gb/azure/multi-factor-authentication/multi-factor-authentication-microsoft-authenticator.
Be safe and secure, people!