Migrate to the Authentication methods policy in Entra ID by 30 September 2025

Shaune Drake 0 Reputation points
2024-01-24T16:18:05.99+00:00

My company received this email and was researching what our next step is. We use Imprivata for the majority of our MFA, but I need guidance on what I need to look at and do in our environment to mitigate this worry. Also, how do I check to see if we have SSPR available?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Sandeep G-MSFT 20,721 Reputation points Microsoft Employee
    2024-01-25T04:34:44.5533333+00:00

    @Shaune Drake

    Thank you for reaching out to the Microsoft Azure QnA platform.

    The migration to the Authentication methods policy in Microsoft Entra ID is a process where you move your legacy policy settings that separately control multifactor authentication (MFA) and self-service password reset (SSPR) to a unified management system.

    Basically, on 30 September 2025, the ability to manage authentication methods in the legacy multifactor authentication (MFA) and self-service password reset (SSPR) policies will be retired. Before that date, you'll need to migrate to the Authentication methods policy in Entra ID, which provides all the same capabilities, plus it enables you to:

    • Centrally manage MFA, SSPR, and passwordless authentication methods.
    • More granularly target authentication methods to groups of users instead of all users.
    • Access more secure authentication methods that will be part of future updates of this policy.

    Below are the steps you might need to take:

    1. Audit your existing policy settings: Document the settings for each authentication method available for your users. If you aren’t using SSPR and aren’t yet using the Authentication methods policy, you only need to get settings from the MFA policy.
    2. Review the legacy MFA policy: Document which methods are available in the legacy MFA policy.
    3. Review the legacy SSPR policy: Document the authentication methods available in the legacy SSPR policy.
    4. Start the migration: Log in to the Microsoft Entra admin center and select Manage migration.

    If you don’t migrate, your users will not be affected immediately. You can continue to use tenant-wide MFA and SSPR policies while you configure authentication methods more precisely for users and groups in the Authentication methods policy. However, in March 2023, Microsoft announced the deprecation of managing authentication methods in the legacy MFA and SSPR policies. This means that these legacy policies will eventually be phased out, and it’s recommended to migrate to the new Authentication methods policy.

    If your users do not have MFA enabled, they will be prompted to register the next time that MFA is required at sign-in. It’s advisable to set Microsoft Authenticator as the default MFA method for users.

    To avoid any disruptions in service, migrate your authentication methods from the MFA and SSPR policies to the Authentication methods policy before 30 September 2025.

    If you need more detailed instructions or have specific questions, I recommend checking out the official Microsoft Learn documentation. It provides a comprehensive guide on how to migrate to the Authentication methods policy. Documentation links:

    Adding to the above details, you can refer to this video - https://www.youtube.com/watch?v=vzKugABBxsk (recorded by one of our Microsoft engineers), where he explains the Authentication methods policy in detail.

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
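
Added example (not part of the answer above and not Microsoft's code): a cross-check of the methods documented in steps 1-3 against the current Authentication methods policy, so that anything still disabled or narrowly scoped there is visible before the migration is completed. It assumes the policy JSON was saved from Microsoft Graph `GET /policies/authenticationMethodsPolicy` and that the legacy MFA and SSPR methods were written down by hand using the new policy's method ids; the sample data and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample of the JSON returned by Microsoft Graph
# GET /policies/authenticationMethodsPolicy (values are illustrative).
SAMPLE_POLICY = json.loads("""
{
  "policyMigrationState": "preMigration",
  "authenticationMethodConfigurations": [
    {"id": "MicrosoftAuthenticator", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"id": "Sms", "state": "disabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"id": "Voice", "state": "disabled", "includeTargets": []},
    {"id": "Email", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "00000000-0000-0000-0000-000000000001"}]}
  ]
}
""")

# Assumption: methods documented by hand in steps 1-3 from the legacy MFA and
# SSPR pages, written down using the new policy's method ids.
LEGACY_MFA = {"MicrosoftAuthenticator", "Sms", "Voice"}
LEGACY_SSPR = {"MicrosoftAuthenticator", "Email", "Sms"}


def audit(policy, legacy_mfa, legacy_sspr):
    """Compare documented legacy methods with the Authentication methods policy."""
    configs = {c["id"]: c for c in policy.get("authenticationMethodConfigurations", [])}
    rows = []
    for method in sorted(legacy_mfa | legacy_sspr):
        cfg = configs.get(method)
        enabled = bool(cfg) and cfg.get("state") == "enabled"
        targets = [t.get("id") for t in cfg.get("includeTargets", [])] if cfg else []
        if not enabled:
            status = "GAP: not enabled in the new policy"
        elif "all_users" in targets:
            status = "ok: all users"
        else:
            status = "REVIEW: scoped to %d group(s)" % len(targets)
        used_by = [n for n, s in (("MFA", legacy_mfa), ("SSPR", legacy_sspr)) if method in s]
        rows.append({"method": method, "legacy": used_by, "status": status})
    return {"migration_state": policy.get("policyMigrationState", "unknown"), "rows": rows}


if __name__ == "__main__":
    report = audit(SAMPLE_POLICY, LEGACY_MFA, LEGACY_SSPR)
    print("policyMigrationState:", report["migration_state"])
    for r in report["rows"]:
        print(f'{r["method"]:<24}{"+".join(r["legacy"]):<10}{r["status"]}')
```

A `policyMigrationState` of `preMigration` means the tenant is still relying on the legacy MFA and SSPR settings; rows marked GAP or REVIEW are the methods to resolve in the Authentication methods policy first.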
