Share via

The risk and consequence for the users when migrating Legacy Multi-factor authentication to the new Entra ID Authentication methods

EnterpriseArchitect 5,096 Reputation points
2024-06-26T03:03:45.3533333+00:00

I need some assistance before migrating from this old legacy portal: https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx to this new location: https://portal.azure.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods

User's image

What are the risk and consequence for the users when migrating Legacy Multi-factor authentication to the new Entra ID Authentication methods for the above selection?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,309 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,283 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,751 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,437 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Babafemi Bulugbe 2,985 Reputation points MVP
    2024-06-28T17:42:00.8433333+00:00

    Hello EnterpriseArchitect,

    Thank you for posting your query in the Microsoft Q&A Community.

    I would advise you to perform this migration during off-peak hours as users may experience disruptions. You need to send a clear communication before going ahead with this. Another risk will be regarding the proper configuration. Misconfiguring the authentication methods could lead to lockouts or security vulnerabilities. It’s essential to configure the desired authentication methods accurately and thoroughly

    To mitigate these risks, follow the steps below

    • Document user settings, including phone numbers during the review process of your current MFA settings in the legacy portal
    • Enable the new Authentication Methods in the AAD portal.
    • Configure the desired authentication methods

    Follow the link below for more information about this.

    https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage#before-you-begin

    Let me know if further assistance is needed.

    Babafemi

  2. Raja Pothuraju 1,275 Reputation points Microsoft Vendor
    2024-07-09T12:10:25.3666667+00:00

    Hello @EnterpriseArchitect,

    Thank you for posting your query on Microsoft Q&A.

    Based on the discussion above, it seems you are aiming to migrate from legacy policies to modern authentication policies with a focus on minimizing user impact during the migration process.

    To proceed with the migration, please follow the step-by-step instructions in the document provided:

    https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage#before-you-begin

    1. Firstly, review the legacy policies in "Per-User MFA" under Service Settings. Ensure that verification options are enabled but refrain from making any changes at this stage.
    2. Next, review the legacy SSPR (Self-Service Password Reset) policy and check the enabled authentication methods.
    3. Now, enable the modern authentication methods policy for your users, aligning it with your existing legacy policies.Screenshot that shows the authentication methods.
    4. After enabling authentication methods under the modern policy, proceed with the migration steps by disabling verification options in the legacy settings and updating authentication methods in the SSPR policy.
    5. You can change it to Migration in progress to Migration Complete.

    During this process, there should be no impact on users' login sessions. All users should be able to authenticate without any issues if we make changes as per the above steps.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    Thanks,
    Raja Pothuraju.