Microsoft Entra ID: Retirement of Custom Controls in Conditional Access and migration to External MFA
🚨 The Signal: Microsoft Entra ID is replacing Conditional Access Custom Controls with External MFA for third-party MFA. This standardises integration, improving security and supportability for organisations using non-Microsoft MFA solutions.
The Impact
Organisations using Custom Controls for third-party MFA face a mandatory migration to External MFA, improving authentication security.
- Security Teams: Must plan and execute migration of Conditional Access policies.
- Entra ID Admins: Will reconfigure Conditional Access policies to use External MFA.
- Third-party MFA users: Experience a more standardised and secure authentication flow.
- Organisations: Benefit from improved long-term support and interoperability.
The Action
- Identify Conditional Access policies currently using Custom Controls.
- Review documentation for migrating Custom Controls to External MFA.
- Configure External MFA as an authentication strength in Microsoft Entra ID.
- Update Conditional Access policies to leverage External MFA for third-party MFA providers.
- Test updated Conditional Access policies thoroughly before full deployment.
Domain: Entra · Impact: high · Workload: Entra ID · Essential Eight: Multi-Factor Authentication · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0974, ISM-1173, ISM-1228, ISM-1401, ISM-1504, ISM-1505, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1892, ISM-1893, ISM-1894, ISM-1906, ISM-1907