Microsoft has announced that, as of September 30, 2025, legacy multi-factor authentication (MFA) and self-service password reset (SSPR) configurations will be migrated to Microsoft Entra ID authentication methods.
This change represents a restructuring of identity and access management in corporate environments, requiring organizations to migrate to the new unified authentication method policy. Until now, many companies have used Entra ID to manage MFA and SSPR separately. In the new model, all methods, such as Microsoft Authenticator notifications, SMS, voice calls, passkeys and others, will be managed exclusively by the new Microsoft Entra ID authentication methods policy.
This unified approach is expected to simplify administration and increase security by providing centralized control over access.
More information on this issue, as well as tutorials for automated or manual migrations, are available on Microsoft’s official site: https://learn.microsoft.com/pt-br/entra/identity/authentication/how-to-authentication-methods-manage
Given this scenario, SEK recommends the following actions for companies that need to migrate to the Entra ID authentication policy:
- Audit the current MFA and SSPR policy configurations
- Start the migration to the new policy using the tutorial provided by Microsoft
- Remember that MFA and SSPR policies will be migrated/unified under the Authentication Methods policy
- Configure MFA for all registered accounts broadly, even if such action is optional
The change promoted by Microsoft requires planning. Therefore, SEK is available to assist its customers in any way necessary.
