what happens if i Migrate to new Authentication Methods Policy in Azure?

Question

As an IT admin, I am using MFA for authentication in my organization, I want to know what happens if I migrate the new policy in Microsoft Entra Authentication Methods in my organization in detail. thank you for your answers in advance.

Answer 1

Hi @Mohamed Umer ,

The main risk I can think of is not remembering your existing policy settings or noting it down before you migrate. It's recommended to note down the authentication method settings from your MFA policy, SSPR policy (if used), and Authentication methods policy (if used).

If your tenant is only using the legacy MFA policy, and isn't using SSPR, the update is straightforward - you can enable each method for all users and precisely match your existing policy. If your tenant is using both MFA and SSPR, you'll need to consider each method. Where the policies match, you can match your current state. Where there's a mismatch, you'll need to decide whether to enable or disable the method altogether.

You can roll back migration and the process is reversible, but you will need to make sure that your existing configuration carries over and you have done an audit of existing settings. This process and these considerations are documented here: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage

If the information addressed your concern, please Accept the answer. This will help us as well as others in the community who may be researching similar questions. Otherwise let me know if you have further questions.