migrate your authentication methods from the MFA and SSPR policies to the Authentication methods policy before 30 September 2025.

David Guzman Jimenez 20 Reputation points

Hello, I received this email mentioning the title of this question. migrate your authentication methods from the MFA and SSPR policies to the Authentication methods policy before 30 September 2025. I have an on-prem Authenticator server that I use for MFA VPN connections. The rest of our authentication is done through AD (for on-site authentication) or through Entra (for remote login like a user singing to Teams from a cell phone). I'm on the understanding that what I need to migrate is the on-prem Authenticator server, the rest of our configurations need no change at all. Is that right? Thank you for your help. David

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,104 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,643 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 32,541 Reputation points Microsoft Employee

    Hi @David Guzman Jimenez ,

    Thanks for your post! This announcement is not related to whether you have an on-prem setup or not. The recommendation you cited is related to the Authentication methods policy and the deprecation is related to the existing MFA and SSPR configuration in your Azure tenant. The legacy settings are located under Microsoft Entra ID > Users > All users > Per-user MFA > service setting (for MFA configuration) and Identity > Users > Password reset > Authentication methods (for SSPR configuration). The guidance is to move to the new unified experience under Microsoft Entra admin center Protection > Authentication methods . You need to make sure that the settings for your tenant (available MFA methods in service settings and users in scope for SSPR) are noted so that when you migrate to the new experience, the configuration is ported over. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage

    The on-prem setup is a separate question. If you are using an existing on-prem MFA server setup, MFA server will also be deprecated in the future and the recommendation is to migrate to Azure MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-migrate-mfa-server-to-azure-mfa?source=recommendations

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions. Otherwise let me know if you have further questions.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful