ID-06Moderate

How to Fix: Complete Authentication Methods Policy Migration

Step-by-step guide to implement complete authentication methods policy migration in your Microsoft 365 environment.

See your drift in 5 minutesAuto-remediate ID-06 on your tenant

Free baseline scan · No credit card · 5 minute setup

20-30 minutes

Estimated Time

4

Steps

high

Severity

Recommended Secure

Baseline Level

Why This Matters

The legacy per-user MFA system cannot be centrally managed or monitored. Migrating to the unified Authentication Methods policy enables centralized control over passkeys, FIDO2, and all MFA methods.

Prerequisites

  • 1Global Administrator or appropriate admin role in Microsoft Entra ID
  • 2Access to Microsoft Entra admin center (entra.microsoft.com)

Expected Configuration

  • Authentication methods policy migration state is "migrationComplete"
  • Legacy per-user MFA settings are no longer active
  • All authentication methods are managed via unified policy

Remediation Steps

1

Assess Current Identity Configuration

Review your current identity settings in Microsoft Entra ID.

  • Navigate to Microsoft Entra admin center
  • Go to Identity > Users or relevant section
  • Review current configuration
2

Plan Required Changes

Determine what modifications are needed.

  • Compare current state to expected configuration
  • Identify affected users or groups
  • Plan rollout strategy
3

Apply Configuration

Implement the required identity configuration changes.

  • Update relevant settings
  • Configure policies as needed
  • Apply changes to affected scope
4

Validate Changes

Confirm the configuration meets requirements.

  • Run TrueConfig scan
  • Verify expected behavior
  • Monitor for any issues

Related Resources

Automate Your Security Configuration

TrueConfig scans your Microsoft 365 environment on a schedule you control and, with safety gates, can fix configuration drift automatically. Start your free trial today.

Start Free Trial