Microsoft is launching the general availability of the new Azure MFA Server Migration Utility to help customers modernize security and migrate from on-premises MFA Server to cloud-based Azure MFA.
This comes after Microsoft began blocking new downloads of the on-prem MFA Server since July 2019, pushing customers toward Azure MFA, which Microsoft calls its “premier MFA experience.” The company bills Azure MFA as a tool that helps lower total cost of ownership, simplifies deployment and improves security.
The Azure MFA Server Migration Utility is designed to make it easier for admins to modernize their infrastructure by migrating users from on-prem Azure MFA Server to Azure MFA, the company says.
According to Microsoft, the tool includes two pieces:
The Azure MFA Server Migration Utility facilitates the migration of user authentication data stored on-premises directly into Azure AD, all without requiring any re-registration or action from their end users. It’s included in the latest update of Azure MFA Server.
Staged Rollout for Azure MFA functionality within Azure AD, which allows admins to selectively test and move users to Azure MFA without requiring any changes to federation settings.
To get started, organizations must first upgrade their primary Azure MFA Server to at least version 6.1.0.
Next, admins should target users for migration, which Microsoft says is as easy as selecting the Azure AD group containing users to be migrated, defining the various registered MFA methods that should be moved to Azure AD.
Lastly, users should be targeted for Azure MFA via the new Migration Utility using the Staged Rollout for Azure MFA to ease migrations by determining which users should use Azure MFA, based on targeted group membership, Microsoft says.
Microsoft says testing should be extremely low risk since no changes to tenants or federation settings are required. Once testing and migrations are complete, organizations can retire their entire MFA Server deployment to reduce infrastructure and maintenance costs.
Read this Tech Community blog for more details.