Migrate MFA and SSPR Methods to Authentication Policies

Migrate MFA and SSPR Methods

If you want to Migrate MFA and SSPR Methods to Authentication Policies, you have a pretty log runway. You have until September 2024 until they do it for you. I would migrate sooner than later. You can fix any problems that Arise.

As with any security MFA is a good step to ensuring that you M365 tenant will be secure as possible.

Migrate MFA and SSPR Methods to Authentication Policies in 3 Easy Steps

Review Current MFA Verifications Options

Got to https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx and write down you MFA Settings, you will need this for the last step.

Migrate MFA and SSPR Methods

Review Current MFA Verifications Options

Go to https://entra.microsoft.com/#view/Microsoft_AAD_IAM/PasswordResetMenuBlade/~/AuthenticationMethods  and write down you MFA Settings, you will need this for the last step.

Migrate MFA and SSPR Methods

Go to Authentication Methods and start the Migration

Go to https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods/fromNav/Identity . Look through every Authentication method and match the old methods from the previous two steps with what is on this screen:

Migrate MFA and SSPR Methods

This table will help you with most settings:

MFA and SSPR Settings

Old MethodNew Method (MFA/SSPR)
Call To PhoneVoice Call
Text Message To PhoneSMS
Notification through Mobile AppNotification Through Mobile App / Mobile App Notification / Code
Verification code from mobile app or hardware token  Hardware OATH/Third Party OATH Tokens
Email (SSPR only)Email OTP

For Each method you wish to bring over click on it in the new screen choose the appropriate setting and toggle enable. Here is an example:

Migrate MFA and SSPR Methods

Once you are done bring over the settings, go to the old MFA and SSPR setting screens in the previous steps and uncheck all methods and save.

Finally go to the new Authentication Methods Policies Screen and click “Manage Migration”. You will see this screen:

Migrate MFA and SSPR Methods

Choose “Manage Migration” and click Save. Let your tenant run like this for a while until you are confident that there are no issues with the migration. If there are no issues and you are confident that things are running smoothly, go back to this section and click “Manage Migration”.

Change the Setting to “Migration Complete” and click save. There you go. The old MFA and SSPR Authentication methods have been migrated to the new Authentication Methods Policies.

Avatar photo

I am an IT professional with over twenty years experience in the field. I have supported thousands of users over the years. The organizations I have worked for range in size from one person to hundreds of people. I have performed support from Help Desk, Network / Cloud Administration, Network Support, Application Support, Implementation and Security.

Pin It on Pinterest