Forum Discussion

Jtaber's avatar
Jtaber
Copper Contributor
Apr 16, 2020

Standard users not getting SMS as an MFA verification option - Only getting App

My users get an error: Additional security verification Mobile app verification option is not enabled for your organization. Contact your IT admin. My global admin can setup SMS verification no problem but standard users do not get the option. I've enabled in within the MFA settings. I have users that do not have smart phones and only receive texts. Can anyone tell me why this error is coming up for non admin users? where can I enable sms as an option for verification for standard users? Could this be because I have them setup with AD Connect syncing passwords from AD? I wouldn't think so because ultimately it's still AAD that is authenticating them.

  • Moe_Kinani's avatar
    Moe_Kinani
    Bronze Contributor

    HI Jtaber,

     

    Could you check the setting in screenshot attached exist in your tenant?

     

    Thanks!

    Moe

    • Jtaber's avatar
      Jtaber
      Copper Contributor

      VasilMichev,

      Thanks for the quick reply.  I've toggled this off and now my users have the option to use a phone after I enable MFA for them individually.

      I'd prefer to keep best practices (IE: Default Security) but this instance forces me to disable it so that I can toggle on SMS for a user without a smart phone - YUP - I found someone that seriously doesn't have a smart phone.   🙂

      That being said, and I'd like to maintain default security for them.  Is there any suggestions or resources you may direct me to for best practices that I may read or educate myself with for current best practices?

       

      Thanks again for the quick response - this was very helpful.

       

      John

       

      • The article above details which settings exactly the "security defaults" configure. They are mostly intended for smaller shops, and as long as you have Azure AD P1 or equivalent licenses, you can ignore them and configure Conditional access policies instead, which give you a lot more flexibility.

Resources