One step closer to modernization: The MFA Server Migration Utility


This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Hi folks! 


We are always working to maximize your security and productivity. We focus on solutions to make modernization as easy as possible. As customers work towards modernizing security by adopting Azure AD, they have told us they need help migrating from on-premises MFA Server to cloud-based Azure MFA. This gets them a bunch of simplification – they can retire their on-premises MFA Server *and* the ADFS deployment needed to support it. Today, I am excited to announce the availability of the new Azure MFA Server Migration Utility, which we hope will make your modernization journey much easier!


Since July of 2019, we have blocked new downloads of the on-premises MFA Server, reflecting the fact that Azure MFA is our premier MFA experience, offering lower TCO, simpler deployment, better security, and many more features than the MFA Server. The Azure MFA Server Migration Utility makes it easy for admins to take advantage of these advances and modernize their infrastructure by migrating their users from on-premises Azure MFA Server to Azure MFA.


There are two pieces to this tool:

  • The Azure MFA Server Migration Utility facilitates the migration of user authentication data stored on-premises, directly into Azure AD, all without requiring any re-registration or action from their end-users.  It is included in the latest update of Azure MFA Server.
  • Staged Rollout for Azure MFA functionality within Azure AD, allowing admins to selectively test and move users to Azure MFA without requiring any changes to federation settings.


Getting started 


Step 1: Upgrade your primary Azure MFA Server


Install the latest Azure MFA Server update on your primary Azure MFA Server. If the remaining machines in your MFA Server deployment are running on version 6.1.0 or higher, no other servers need to be upgraded.


Step 2: Target users for migration


Once installed, open the new Migration Utility.




Migrating user data is as easy as selecting the Azure AD group containing users (or nested groups of users) you wish to migrate, defining the various registered MFA methods that should be moved to Azure AD, and then clicking “Migrate Users”.


Step 3: Target users for Azure MFA


Once user data has been migrated, use Staged Rollout for Azure MFA to ease migrations by determining which users should use Azure MFA, based on targeted group membership:




Since no changes to your tenant or federation settings are required, carrying out testing is extremely low-risk and can be done with as many or as few users as you wish.


Once testing and migrations have been completed, you can quickly and easily retire your entire MFA Server deployment, instantly reducing infrastructure and maintenance costs, while boosting the availability and reliability of your MFA Service. Head on over to the MFA Server Migration documentation page to get started!


As always, we’re excited to get your feedback and learn from you!


-Alex Weinert, Director of Identity Security (Twitter:@alex_t_weinert)

