ID-06: Complete Authentication Methods Policy Migration
Frequently asked questions about implementing and managing the ID-06 security control in Microsoft 365 and Entra ID.
QWhat is ID-06 (Complete Authentication Methods Policy Migration)?▼
ID-06 is a security control that the legacy per-user mfa system cannot be centrally managed or monitored. migrating to the unified authentication methods policy enables centralized control over passkeys, fido2, and all mfa methods. It requires that authentication methods policy migration state is "migrationcomplete" and legacy per-user mfa settings are no longer active, all authentication methods are managed via unified policy.
QWhy is Complete Authentication Methods Policy Migration important for Microsoft 365 security?▼
The legacy per-user MFA system cannot be centrally managed or monitored. Migrating to the unified Authentication Methods policy enables centralized control over passkeys, FIDO2, and all MFA methods.
QHow do I implement ID-06 in my tenant?▼
ID-06 requires manual implementation. Migration requires Entra Admin Center: Protection > Authentication methods > Policies
QWhat license do I need for ID-06?▼
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
QWhich security baseline includes ID-06?▼
ID-06 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.
5
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial