Automate your MFA and SSPR methods migration with new migration guide in Entra ID

Vladislav Johansen

Oct 14, 20242 min read

In October Microsoft introduced new guide which makes MFA and SSPR method migration process easier from Per User MFA portal / Legacy MFA portal to Authentification methods in Entra ID. As I wrote in my previous blog post in September, Microsoft will deprecate Per User MFA portal in September 2025. It's recommended to migrate your legacy methods to new portal and deactivate the old one. This will make it much easier to scope methods and use better and more secure MFA methods like Microsoft Authentificator with passwordless sign in or passkeys / security keys.

If you haven't migrated your methods yet, you can find this tool in Entra ID portal --> Protection --> Authentification methods --> Policies

So, what did we get here ?

Direct links to Legacy MFA portal and our SSPR policies which is easier to find than before

Pretty nice. No more multiple clicks through Entra ID menus :)

The process is the same as before, review your old methods in SSPR portal and Legacy MFA portal and notice them. You can also double check how many users are using old and unsecure methods like SMS and Call in Authentication methods --> User registration details

As I mentioned before in previous post, it's recommended to not use this methods anymore for sign in purposes. Control this with you Conditional Access authentification strength policy and enforce passwordless sign in method when all users are ready.

Now, let's press Next and take a look

Entra is now suggesting us to activate all authentification methods and scope this methods to all users. This menu is the same what we can see in Authentification methods --> Policies menu. My opinion is that this menu is much better actually, because we can see security score on all methods here and Microsoft's recommendations.