What will be affected by 30 Sept 2024 in regards MFA migration

Kunal Nanda 40 Reputation points
2024-09-10T23:01:59.9+00:00

I have 2 notifications in the Azure, one states the MFA migration will be take place by end of Sept 2024, the other suggest the MFA and SSPR will be migrated by end of Sept 2025.

I would like to have some clarification on what need to be done by end of Sept 2024.

Microsoft Entra
0 comments No comments
{count} votes

Accepted answer
  1. Sandeep G-MSFT 19,106 Reputation points Microsoft Employee
    2024-09-11T18:31:35.5433333+00:00

    @Kunal Nanda

    Thank you for posting this in Microsoft Q&A.

    As I understand you are getting notifications regarding Sept 2024 and Sept 2025.

    MFA migration will be taking place by end of Sept 2024

    There is a change in Azure which is enforcing MFA for all users while accessing Azure portal , Entra portal and Intune portal.

    Phase 0: Starting August 15, 2024 customers will be notified that this enforcement will be coming to their tenants in 60+ days. They will be directed to this page for more information and steps on how to request a grace period.

    Phase 1: Starting in October 15, 2024, enforcement for MFA at sign-in for the Azure portal , Entra portal and Intune portal will roll out gradually to all tenants. This phase will not impact any other Azure clients, such as Azure CLI , Azure PowerShell and IaC tools. This phase is expected to last until March 2025.

    Phase 2: Starting in early 2025, enforcement for MFA at sign-in for Azure Command Line Interface (CLI), Azure PowerShell and Infrastructure as Code (IaC) tools will gradually roll out to all tenants.

    MFA and SSPR will be migrated by end of Sept 2025

    The migration to the Authentication methods policy in Microsoft Entra ID is a process where you move your legacy policy settings that separately control multifactor authentication (MFA) and self-service password reset (SSPR) to a unified management system.

    Basically, on 30 September 2025, the ability to manage authentication methods in the legacy multifactor authentication (MFA) and self-service password reset (SSPR) policies will be retired. Before that date, you'll need to migrate to the Authentication methods policy in Entra ID, which provides all the same capabilities, plus it enables you to:

    • Centrally manage MFA, SSPR, and passwordless authentication methods.
    • More granularly target authentication methods to groups of users instead of all users.
    • Access more secure authentication methods that will be part of future updates of this policy.

    If you don’t migrate, your users will not be affected immediately. You can continue to use tenant-wide MFA and SSPR policies while you configure authentication methods more precisely for users and groups in the Authentication methods policy. However, in March 2023, Microsoft announced the deprecation of managing authentication methods in the legacy MFA and SSPR policies. This means that these legacy policies will eventually be phased out, and it’s recommended to migrate to the new Authentication methods policy.

    To avoid any disruptions in service, migrate your authentication methods from the MFA and SSPR policies to the Authentication methods policy before 30 September 2025.

    If you need more detailed instructions or have specific questions, I recommend checking out the official Microsoft Learn documentation. It provides a comprehensive guide on how to migrate to the Authentication methods policy.

    Documentation links:

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.