Introduction
On September 30, 2025, Microsoft will retire legacy MFA and SSPR policies. This change will impact tenants that still rely on these configurations, potentially causing major disruptions.
Why it matters ?
By default, some critical authentication methods such as Microsoft Authenticator and SMS are not enabled. Without proper configuration, your MFA or SSPR (self-service password reset) may fail, leaving users unable to authenticate or reset their passwords. This can quickly escalate into widespread incidents.
I expect September 30 and October 1 to be overwhelmed with issues related to this change, and forums like Microsoft, Reddit, or X/Twitter (possibly) flooded with user complaints, it’s important to send a new reminder despite the date being so close: it’s not too late if you haven’t acted yet, but time is running out.
What should I do?
To avoid surprises, it's essential to check which authentication methods are active in your tenant, and to enable the ones you use:
- Follow Microsoft’s official documentation for migrating to unified authentication methods:
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage - Use the simplified migration process I created, available for free here:
https://l.clidsys.com/authmethod-migrate. This resource highlights high-level actions and provides direct links to the relevant portals. The linked page also contains aDocumenttab with additional references.
Important reminders
- Do not make blind changes on your tenant, especially not on a Friday.
- If you are unsure, get professional support before making modifications.
Need Help?
If you require assistance to prepare for this transition, I am available to help.
You can use the contact form or reach out via any of my social media.
Comments