This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 1%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Microsoft have recently announced that, "The ability to manage authentication methods in MFA and SSPR policies ends 30 September 2024" and so everyone must, "Migrate to the Authentication methods policy in Azure Active Directory by 30 September 2024."
I have been trying to work out the best course of action for businesses that currently make use of Microsoft 365 per-user MFA, who currently do not have premium licencing and so cannot use Conditional Access in Azure, but for whom Security Defaults is not the appropriate/preferred option (as it will apply MFA to all users and additionally force them use an authenticator app to register, which may be problematic in some settings).
However I have realised I may have read more into the announcement then was actually there - can someone please therefore confirm, when Microsoft say authentication methods will no longer be managed in the per-user MFA (legacy) portal, is it literally just the authentication METHODS that will no longer be there (i.e. the options in the "Service Settings" tab), but you WILL still be able to use the legacy portal to select which users do and don't have to use MFA in the first place?
Processes in Microsoft 365 for setting up Office apps, redeeming product keys, and activating licenses.
A cloud-based identity and access management service for securing user authentication and resource access
Answer accepted by question author
Correct, its just migrated all the settings to the new experience.
There is nothing in the current doc that suggests otherwise:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
I suppose I shouldn't be totally surprise if the other functionality in Per User MFA also gets deprecated at some point in the future(?), forcing us into either Conditional Access or Security Defaults, but your answer provides some welcome reassurance for now - thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 92%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
@Andy David If this is the case, do we know why Microsoft chose not to include the API's for Legacy Per-User MFA in the CSP GDAP API? Any help would be appreciated, as we're trying to pull this information in our product for thousands of MSP's! Right now we have to do a clunky direct-only integration with PNP Powershell.