In case you didn’t noticed, Microsoft recently announced that on September 30th, 2025 the legacy Multi Factor Authentication (MFA) and Self-Service Password Reset (SSPR) policies will be deprecated. While there is still some time, you can begin the migration to the new approach today.
This is an excellent opportunity to phase out outdated authentication methods such as SMS and phone-based authentication.
First of all, let’s take a look of the current configuration.
Check current (legacy) Authentication methods
- Go to https://portal.azure.com
- Open Azure Active Directory – Users
- Open legacy MFA portal under Per-User MFA
- Take a note of the verification options. Write down which options are Enabled. We will need this information later
- Go back to Azure Active Directory
- Open Password reset – Authentication methods
Take a note of the verification options. Write down which options are Enabled. We will need this information later - Go back to Azure Active Directory
- Open Security – Authentication Methods
- Take a note of the verification options. Write down which options are Enabled. We will need this information later
- We have now checked the current authentication methods.
Review which users are capable of using the new authentication methods
As mentioned earlier, transitioning to the new authentication methods presents a valuable opportunity to bid farewell to outdated authentication methodes such as phone and SMS. We will now verify whether all users are ready to seamlessly use the new authentication methods or if any additional actions are required.
- Go back to Azure Active Directory
- Open Security – Authentication Methods
- Open User registration details
You can use a filter in the right column to see which authentication methods are registered. If the new method is not listed here, it will have an impact on the end user. The end user will need to register for it.
This allows you to inform end users that a transition to secure authentication methods is underway and instruct them to register accordingly.
Migrate to new Authentication Methods
The next step is to update the migration status to “In Progress.” This way, both the new and old methods remain accessible to users during the transition.
- Go back to Azure Active Directory
- Open Security – Authentication Methods
- Open Manage Migration
- Switch to Migration in Progress
- Choose Save
If you wish to continue using outdated methods, you need to add them as an authentication method in the “new portal” Authentication Methods – Policies
If everything aligns with the audit conducted in step 1 and meets the requirements and preferences, it’s time to make the final transition to the “new portal.”
The first step is to disable the authentication methods in the “old environment.”
Don’t lock yourself out, and ensure that you have enough authentication methods available!
Open Azure Active Directory – Users
- Open legacy MFA portal under Per-User MFA
- Uncheck all options under authentication methods
- Go back to Azure Active Directory
- Open Password reset – Authentication methods
- Uncheck all options under authentication methods
- Go back to Azure Active Directory
- Open Security – Authentication Methods
- Open Manage Migration
- Choose Migration Complete
You have now successfully migrated to the new authentication methods portal.
Thank you for taking the time to read my blog. Kindly share it with others if you find it helpful!