Entra ID

How to Migrate Legacy MFA & SSPR Authentication Methods in Microsoft Entra ID

In this post I’ll show you how to migrate the legacy Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) policies to the new unified Authentication Methods policy in Entra ID (formerly known as Azure Active Directory).

Deadline for migration is September 30th, 2025.

These are the key steps you need to take:

  1. Audit your current MFA and SSPR policies in Entra ID
  2. Set up the new unified authentication methods policy
  3. Change the migration status to Migration In Progress
  4. Disable current MFA and SSPR authentication methods
  5. Change the migration status to Migration Complete
  6. Test.

Let’s get started.

P.S. If you are more of a visual person than a text person, I have also recorded a video walkthrough:

YouTube video

Legacy MFA & SSPR to Authentication Methods Policy in Entra ID – Announcement

In September 2023, Microsoft announced:

On September 30th, 2025 we will be retiring the ability to manage authentication methods in the legacy Multifactor Authentication (MFA) and Self-Service Password Reset (SSPR) policies in Entra ID. Organizations should migrate their methods to the converged authentication methods policy where methods can be managed centrally for all authentication scenarios including passwordless, multi-factor authentication and self-service password reset.

Entra Sspr & Mfa Microsoft Announcement

Migration

Let’s begin.

Step 1: Audit Your Current MFA and SSPR Policies in Entra ID

The first step you need to take is to review your current MFA and SSPR policies.

You should take note or screenshot of the current set up so in case there are issues, you can quickly revert back.

Legacy Mfa Policy
Legacy Sspr Policy

Step 2: Set up the New Unified Authentication Methods Policy

You now need to set up the new policy e.i. the one you are migrating to.

Go through each method and enable the ones you want to use. Most likely that will be Microsoft Authenticator, SMS, and Third-party Software OATH tokens if you are using Google Authenticator, Authy or similar.

New Authentication Methods Policy

Step 3: Change the Migration Status to Migration in Progress

On the new policy, click Manage migration and then select Migration In Progress then click Save.

This will start using the new policy for authentication and SSPR while still respecting the legacy policies.

Migration State

Step 4: Disable Current MFA & SSPR Authentication Methods

You won’t be able to complete the migration until you disable the current MFA and SSPR authentication methods.

Go to the MFA and SSPR policy pages from Step 1 and untick all enabled authentication methods then save.

Step 5: Change the Migration Status to Migration Complete

Now go back to the new authentication methods policy page from Step 3, click Manage migration then tick Migration Complete and click Save.

You should see a notification in the top right of your screen that the migration is now complete.


From now on, you will manage the MFA and SSPR authentication methods in a single policy that you just set up.

Step 6: Test

You can now test and validate the changes by going through the login flow for your Microsoft tenant.

You should see that authentication methods you set up in your new policy are honoured. If they are the same as your legacy policies then you won’t notice any difference.

The Bottom Line

This update by Microsoft consolidates authentication methods in Entra ID under one policy, streamlining the management of MFA and SSPR policies.

For help with Entra ID

Get started

Categories

Invite Me to Your Inbox 1-2 Times a Month!

More Microsoft knowledge and tips

Graphic showing people reading cyber security news

News

Microsoft Security News Roundup – August 2024

Welcome to my first roundup of the latest Microsoft security news. In this roundup, we will cover the Entra ID, Copilot for Security, Intune, ...

Continue reading
Scam Email Alert graphic

Infosec

Gmail Account Takeover: Super Realistic AI Scam Call

This is a story of a super realistic AI scam call that could trick a vast number of people. Don’t be one of them. ...

Continue reading
Windows 11 background

Windows

The Best Windows 11 Hidden Features, Tips & Tricks

In this post I’m going to share some of my favourite Windows features that might not be widely known. I use Windows 11 Pro ...

Continue reading