Forum Discussion
Solved
Migrating from "old" MFA to "new" MFA with Conditional Access, how to proceed?
What's the best approach to migrate from using the "old" MFA https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx. Which settings in the old portal are still relevant ...
Thank you very much, Vasil. Very insightful.
I also stumbled upon this page: https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign
One of the prerequisites listed there is: "Users can't have already set up the Authenticator app for push notifications on their account." - if that's the case, should we just delete the authentication method and start again?
I also stumbled upon this page: https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign
One of the prerequisites listed there is: "Users can't have already set up the Authenticator app for push notifications on their account." - if that's the case, should we just delete the authentication method and start again?
If your users were already configured for MFA, you can ignore this part.
So it's basically:
1. Remove old MFA config (set users to disabled, or remove StrongAuthenticationRequirements using power shell)
2. Deploy Conditional Access policy
3. Enable Authentication Methods in Azure (e.g. Microsoft Authenticator)Did the steps you post work for you or did you do something else to resolve? Kiril
