Upcoming Azure rule updates for MFA scoring and Function App evaluation changes

Views:

March 19, 2026, Conformity—Upcoming Rule Updates

Release Date: March 26, 2026

The following rules will be updated to align with the latest industry recommendations. These updates introduce stricter evaluation criteria, which may result in changes to your compliance scores. It is recommended that you review the affected rules and any newly flagged resources ahead of the effective date.

Azure

The following MFA rules are now scored and will affect your compliance scores:

ActiveDirectory-001: MFA for privileged users
ActiveDirectory-002: MFA for non-privileged users

The following rules no longer evaluate on Function Apps:

AppService-008: HTTPS only
AppService-010: Minimum TLS version
AppService-011: App Service authentication
AppService-013: Client certificates
AppService-015: FTP access
LogicApps-001: Diagnostic logs