Per user MFA to Entra Migration check list

Perumallapally, John Austeen 40 Reputation points
2024-09-18T13:55:08.46+00:00

Microsoft have recently announced that, "The ability to manage authentication methods in MFA and SSPR policies ends 30 September 2024" and so everyone must, "Migrate to the Authentication methods policy in Azure Active Directory by 30 September 2024."
User's image User's image I have created two conditional access polices in regards with this and our current Authentication methods are in the pictures.

What do I need to cross check and update to completely migrate and close Per user MFA.
I have read the resources from Microsoft learn and other blogs but not quite sure, how my employees are getting their MFA from, is it conditional access or per user MFA.

Is there some probable way, that I can cross check what is prompting the MFA for all employees? How can I be sure that my users are getting MFA from Microsoft Entra ID only ?

Thanks all out there for answering as many questions as possible.

Thank you.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,053 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,692 questions
{count} votes

Accepted answer
  1. Vasil Michev 105.7K Reputation points MVP
    2024-09-18T16:15:04.59+00:00

    Just to be clear, per-user MFA is not going away, you can still use it if that's your preferred solution. As for checking CA policies coverage with regards to MFA, you can use these workbooks:

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/workbook-conditional-access-gap-analyzer

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/workbook-mfa-gaps

    If you don't have Log analytics, work with the User registration report instead: https://portal.azure.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/UserRegistrationDetails


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.