Disable approval popup in MS Authenticator app
Hi,
I have a tenant with MFA setup on all accounts and most people have used the Microsoft Authenticator app. Unfortunately someone was silly enough to press approve on their phone when they weren't getting prompted on their PC, and let a hacker in who knew their password. We're trying to educate them better but still I'd like to remove the feature where the they get that popup in the MS Auth app, and make them have to get a code from the app only so they can't accidentally let a hacker in. Can I do this by powershell somehow? I have 50+ users in this tenant and other tenants I may want to change too so not viable to ask them all to setup their MFA again a different way.
Running powershell reports shows they all have two MFA methods of PhoneAppNotification and
PhoneAppOTP and so I assume I just need to remove PhoneAppNotification.
I found a script in the below thread to switch the default, but I assume that means a hacker could still try the other method and make their app do a approval popup, I want it removed.
$m1=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m1.IsDefault = $true
$m1.MethodType="PhoneAppNotification"
$m2=New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
$m2.IsDefault = $false
$m2.MethodType="PhoneAppOTP"
$m=@($m1,$m2)
set-msoluser -Userprincipalname "UPN" -StrongAuthenticationMethods $m
Thanks