Forum Discussion

PhilippeS's avatar
PhilippeS
Copper Contributor
Jul 01, 2021

aka.ms/mfasetup: old vs new user experience

Hi

 

On some tenants I get https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1 when accessing https://aka.ms/mfasetup, while on others I end up at https://mysignins.microsoft.com/security-info

I couldn't find any documentation how to control this.

Also I wonder if I can manage App passwords using the new https://mysignins.microsoft.com/ and what the roadmap for the two interfaces is.

 

Thank you

  • BilalelHadd's avatar
    BilalelHadd
    Iron Contributor

    Hi Philippe,

     

    The reason you're being redirected sometimes to account.activedirectory URL in some tenants is because it's using the so-called "Per-user MFA" method. I would say that this is the traditional method to use MFA. You can see who is enabled or enforced to use this traditional method by browsing to the Azure portal > Azure Active Directory > Per-user MFA. With this method, you can't control any conditions when and where MFA should be used. 

     

    When you're being redirected to the mysignins page, it's because the tenant uses the "Users can use the combined security information registration experience". This is a new way of letting users configuring their MFA method or self-service password method. This is by the way the preferred method. This can be configured and found under the Azure Portal > Azure Active Directory > User settings > User features -> Manage user feature settings and then choose - Users can use the combined security information registration experience. Don't configure this setting directly for all users, first, start with a set of 'pilot' users and ask for their findings, so select "Selected" users or groups. Sidenote, if you change the authentication methods within the Azure Portal, this will also affect the "traditional MFA methods". So be aware of that.

     

    If I may give you advice, If possible try to get rid of App Passwords and choose the Modern way of authentication and use Conditional Access in combination with the feature as described above.

     

    And last but not least, read this great article published by Jan Bakker: https://janbakker.tech/what-admins-should-know-about-the-combined-registration-portal-for-azure-mfa-and-self-service-password-reset/ 

     

    Microsoft docs: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined 

     

    Regards, Bilal

     

Resources