Migrating from the legacy Multi-Factor Authentication (MFA) portal to the new Entra ID Authentication Methods in Azure Active Directory (AAD) is a crucial step to enhance your organization’s security posture. Here’s what you need to know:
The legacy MFA portal (https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx) is being replaced by the Authentication Methods blade in the AAD portal (https://portal.azure.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods).
Steps to migrate
- Review your current MFA settings in the legacy portal
- Document the user settings, including phone numbers and OATH tokens
- Enable the new Authentication Methods in the AAD portal
- Configure the desired authentication methods (e.g., Microsoft Authenticator app, FIDO2 security keys)
- Assign the new authentication methods to users
- Communicate the changes to your users and provide guidance on setting up the new methods
- Monitor the adoption of the new authentication methods
- Disable the legacy MFA methods once the transition is complete
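Before the last two steps, it helps to check who would be left without a usable method once the legacy ones are switched off. The following is an added example, not code from the original page or from Microsoft: it assumes you have exported per-user registration data as JSON with `userPrincipalName`, `isAdmin` and `methodsRegistered` fields (the shape of the Microsoft Graph userRegistrationDetails report); the sample rows, the method name strings, `TARGET_METHODS` and `cutover_readiness` are constructed for illustration.

```python
import json

# Constructed sample rows; field names follow the Graph userRegistrationDetails
# report, the users and method strings are illustrative assumptions.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@contoso.example", "isAdmin": True,
     "methodsRegistered": ["mobilePhone", "microsoftAuthenticatorPush"]},
    {"userPrincipalName": "bob@contoso.example", "isAdmin": False,
     "methodsRegistered": ["mobilePhone"]},
    {"userPrincipalName": "carol@contoso.example", "isAdmin": False,
     "methodsRegistered": ["fido2SecurityKey", "mobilePhone"]},
    {"userPrincipalName": "dave@contoso.example", "isAdmin": True,
     "methodsRegistered": []},
    {"userPrincipalName": "erin@contoso.example", "isAdmin": False,
     "methodsRegistered": ["hardwareOneTimePasscode"]},
])

# Assumption: the only methods that stay enabled after the cutover.
TARGET_METHODS = {"microsoftAuthenticatorPush", "fido2SecurityKey"}


def cutover_readiness(export_json, target_methods):
    """Split users into ready / at-risk for disabling the legacy methods."""
    targets = set(target_methods)
    ready, at_risk = [], []
    for row in json.loads(export_json):
        registered = set(row.get("methodsRegistered") or [])
        entry = {
            "upn": row["userPrincipalName"],
            "admin": bool(row.get("isAdmin")),
            "keeps": sorted(registered & targets),   # still usable after cutover
            "loses": sorted(registered - targets),   # stops working at cutover
        }
        (ready if entry["keeps"] else at_risk).append(entry)
    # Admin lockouts are the costliest, so list them first.
    at_risk.sort(key=lambda e: (not e["admin"], e["upn"]))
    total = len(ready) + len(at_risk)
    adoption = len(ready) / total if total else 0.0
    return {"adoption": adoption, "ready": ready, "at_risk": at_risk}


if __name__ == "__main__":
    report = cutover_readiness(SAMPLE_EXPORT, TARGET_METHODS)
    print(f"adoption: {report['adoption']:.0%}")
    for e in report["at_risk"]:
        role = "ADMIN" if e["admin"] else "user"
        print(f"at risk ({role}): {e['upn']} has only {e['loses'] or 'no methods'}")
```

An empty `at_risk` list is a reasonable gate for the final "disable" step; any admin accounts in it should be resolved first.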
Risks and consequences
- Users may experience disruption if not properly informed and guided through the migration process
- Misconfiguration of the new authentication methods could lead to lockouts or security vulnerabilities
- Legacy MFA methods will eventually be deprecated, so timely migration is essential
By carefully planning and executing the migration, you can ensure a smooth transition to the more secure and feature-rich Entra ID Authentication Methods. Your users will benefit from a better authentication experience, and your organization will be better protected against evolving security threats.
Reference: What authentication and verification methods are available in Microsoft Entra ID?