SOLVED

Migrating from "old" MFA to "new" MFA with Conditional Access, how to proceed?

Steel Contributor

What's the best approach to migrate from using the "old" MFA https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx.

 

Which settings in the old portal are still relevant while using Conditional Access and Strong authentication?

5 Replies
best response confirmed by Kiril (Steel Contributor)
Thank you very much, Vasil. Very insightful.

I also stumbled upon this page: https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-camp...

One of the prerequisites listed there is: "Users can't have already set up the Authenticator app for push notifications on their account." - if that's the case, should we just delete the authentication method and start again?
If your users were already configured for MFA, you can ignore this part.

So it's basically:

1. Remove old MFA config (set users to disabled, or remove StrongAuthenticationRequirements using power shell)
2. Deploy Conditional Access policy
3. Enable Authentication Methods in Azure (e.g. Microsoft Authenticator)

Did the steps you post work for you or did you do something else to resolve? @Kiril 

1 best response

Accepted Solutions