Forum Discussion
OTP Code via SMS from non microsoft number
Hi Microsoft Team, Good day! For a few weeks now, many people around me have been receiving their OTP code for MFA via SMS often from unknown senders (non-Microsoft phone number). The sender of the ...
Hello Rosine,
Thank you for raising this concerning situation. I would suggest to utilize Sign-in logs and filtering in the reported users. In there, you may see what attributes such as device type, application and location so you can better understand if the sign-in attempts are suspicious (for example unknown location). Additionally, you may utilize Identity Protection > Report > Risky users/risky sign-ins. Within there, you may see what Azure has supposedly understood about the user's sign-in, determine if it's thread actor and remediate by changing password for the user.
Relevant Document: https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard
Let me know if questions arise or how it goes.
Thank you for raising this concerning situation. I would suggest to utilize Sign-in logs and filtering in the reported users. In there, you may see what attributes such as device type, application and location so you can better understand if the sign-in attempts are suspicious (for example unknown location). Additionally, you may utilize Identity Protection > Report > Risky users/risky sign-ins. Within there, you may see what Azure has supposedly understood about the user's sign-in, determine if it's thread actor and remediate by changing password for the user.
Relevant Document: https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard
Let me know if questions arise or how it goes.
- Actually, we already investigate the Sign-in Logs and haven't found any suspicious attempt or even unfamiliar successfull logons for the accounts that received these OTP SMS from non-Microsoft phone number. We would like to know if it is normal (expected) to receive an OTP code from a non-Microsoft number, from WhatsApp, from SIMBoss ... ?
Many thanks in advance for your answers. Kind regards, Rosine- Hello,
Microsoft usually doesn't send OTP codes over third-party such as WhatsApp. This may be simple SMS-phishing, especially if there is a link or urgency.
SMS OTP is always sent over phone number and it looks like the following parsing:
Use verification code ###### for Microsoft authentication.
