Azure Multi-Factor Authentication (MFA) Server is currently set up to import or synchronize users from Active Directory and provide Multi-factor authentication as an additional layer of security to prevent unauthorized users from accessing these accounts. However, Microsoft recently announced that Azure MFA Server will no longer be functional after September 30, 2024, and the Customers who are using MFA Server should move to Azure AD Multi-Factor Authentication (Azure AD MFA).
The following steps explain a quick overview for the migration.
- Azure Portal: Create Azure AD groups and add the appropriate users to these groups.
- On the on-premises server where the MFA Server is installed:
- Navigate to the MFA server installation path:
C:\Program Files\Multi-Factor Authentication Server. - Locate and open the executable file named
MultiFactorAuthMigrationUtilUI.exe. This utility will help synchronize user data with Azure. - In the utility, enter the name of the Azure AD group containing the users you want to migrate. The user list will be populated accordingly.
- Review the settings and select all users for migration.
- Click on “Migrate Users” to start the migration process.
To verify the authentication method used by a user, refer to the MultiFactorAuthSvc.log file.
By accessing the “Azure Active Directory > Security > Authentication Methods > User registration details” section in the Azure portal, you can obtain comprehensive information about the authentication methods utilized by your users. This allows you to monitor and manage the authentication setup effectively after the migration from Azure MFA to Azure AD.