If you want to Migrate MFA and SSPR Methods to Authentication Policies, you have a pretty log runway. You have until September 2024 until they do it for you. I would migrate sooner than later. You can fix any problems that Arise.
As with any security MFA is a good step to ensuring that you M365 tenant will be secure as possible.
Migrate MFA and SSPR Methods to Authentication Policies in 3 Easy Steps
Review Current MFA Verifications Options
Got to https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx and write down you MFA Settings, you will need this for the last step.
Review Current MFA Verifications Options
Go to https://entra.microsoft.com/#view/Microsoft_AAD_IAM/PasswordResetMenuBlade/~/AuthenticationMethods and write down you MFA Settings, you will need this for the last step.
Go to Authentication Methods and start the Migration
Go to https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods/fromNav/Identity . Look through every Authentication method and match the old methods from the previous two steps with what is on this screen:
This table will help you with most settings:
MFA and SSPR Settings
Old Method | New Method (MFA/SSPR) |
Call To Phone | Voice Call |
Text Message To Phone | SMS |
Notification through Mobile App | Notification Through Mobile App / Mobile App Notification / Code |
Verification code from mobile app or hardware token | Hardware OATH/Third Party OATH Tokens |
Email (SSPR only) | Email OTP |
For Each method you wish to bring over click on it in the new screen choose the appropriate setting and toggle enable. Here is an example:
Once you are done bring over the settings, go to the old MFA and SSPR setting screens in the previous steps and uncheck all methods and save.
Finally go to the new Authentication Methods Policies Screen and click “Manage Migration”. You will see this screen:
Choose “Manage Migration” and click Save. Let your tenant run like this for a while until you are confident that there are no issues with the migration. If there are no issues and you are confident that things are running smoothly, go back to this section and click “Manage Migration”.
Change the Setting to “Migration Complete” and click save. There you go. The old MFA and SSPR Authentication methods have been migrated to the new Authentication Methods Policies.