SOLVED

Migrating from "old" MFA to "new" MFA with Conditional Access, how to proceed?

Frequent Contributor

What's the best approach to migrate from using the "old" MFA https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx.

 

Which settings in the old portal are still relevant while using Conditional Access and Strong authentication?

4 Replies
best response confirmed by Kiril (Frequent Contributor)
Thank you very much, Vasil. Very insightful.

I also stumbled upon this page: https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-camp...

One of the prerequisites listed there is: "Users can't have already set up the Authenticator app for push notifications on their account." - if that's the case, should we just delete the authentication method and start again?
If your users were already configured for MFA, you can ignore this part.

So it's basically:

1. Remove old MFA config (set users to disabled, or remove StrongAuthenticationRequirements using power shell)
2. Deploy Conditional Access policy
3. Enable Authentication Methods in Azure (e.g. Microsoft Authenticator)