Migrating from "old" MFA to "new" MFA with Conditional Access, how to proceed?

Frequent Contributor

What's the best approach to migrate from using the "old" MFA


Which settings in the old portal are still relevant while using Conditional Access and Strong authentication?

4 Replies
best response confirmed by Kiril (Frequent Contributor)
Thank you very much, Vasil. Very insightful.

I also stumbled upon this page:

One of the prerequisites listed there is: "Users can't have already set up the Authenticator app for push notifications on their account." - if that's the case, should we just delete the authentication method and start again?
If your users were already configured for MFA, you can ignore this part.

So it's basically:

1. Remove old MFA config (set users to disabled, or remove StrongAuthenticationRequirements using power shell)
2. Deploy Conditional Access policy
3. Enable Authentication Methods in Azure (e.g. Microsoft Authenticator)