On 30th September 2025, Microsoft is retiring legacy MFA and replacing it with the Authentication Methods Policy.
So what was wrong with Legacy MFA?
As Microsoft suggests, “MFA reduces the risk of compromise by 98.56% in cases of leaked credentials”.
MFA has now moved on from the legacy per-user “on or off” setting to combinations of MFA methods that provide different strengths, following a good, better and best approach depending on the user's role.
Below are the methods that dictate the strength of MFA:
Medium assurance: SMS, One Time Password, Microsoft Authenticator, Windows Hello for Business, Certificate-based Authentication or Passkeys
High assurance: Microsoft Authenticator, Windows Hello for Business, Certificate-based Authentication or Passkeys
Phishing-resistant MFA: Windows Hello for Business, Certificate-based Authentication or Passkeys (FIDO2)
Your strategic plan should be to ensure all your administrator accounts have the best protection available by leveraging phishing-resistant MFA.
Perhaps your standard user accounts don’t need the same level of protection; however, if your organisation has experienced an account breach, it may be time to adopt a higher strength of MFA.
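As an added example (not from the original post), the following Microsoft Graph PowerShell creates a Conditional Access policy that requires the built-in phishing-resistant MFA authentication strength for members of the Global Administrator role. It assumes the Microsoft.Graph module is installed; the role template ID and built-in strength ID are Microsoft's published values, the break-glass account ID is a placeholder, and the policy starts in report-only mode so its effect can be checked in the sign-in logs before enforcement.

```powershell
# Added example, not code from the original post.
# Requires the Microsoft.Graph PowerShell module and a Conditional Access administrator.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Confirm the built-in authentication strengths and their IDs rather than trusting a hard-coded value.
Get-MgPolicyAuthenticationStrengthPolicy | Select-Object Id, DisplayName, PolicyType

$params = @{
    displayName = "Require phishing-resistant MFA for Global Administrators"
    # Report-only first: sign-in logs show who would have been blocked without locking anyone out.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            # Global Administrator role template ID (published by Microsoft).
            includeRoles = @("62e90394-69f5-4237-9190-012177145e10")
            # Placeholder: replace with the object ID of your emergency-access (break-glass) account.
            excludeUsers = @("PLACEHOLDER-BREAK-GLASS-ACCOUNT-OBJECT-ID")
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator = "OR"
        # Built-in "Phishing-resistant MFA" strength: Windows Hello for Business,
        # certificate-based authentication and FIDO2 passkeys only.
        authenticationStrength = @{ id = "00000000-0000-0000-0000-000000000004" }
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $params
```

Once the report-only results show every administrator signing in with a phishing-resistant method, change state to "enabled".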
Get in touch with IT Lifeline if you want advice to ensure you are not caught out in 2025.
https://itlifeline.co.uk/online-bookings
Thank you for your time. Mark