Forum Discussion
MFA without a Cellphone
This is becoming a bigger issue more and more. We cannot, as a company, require our Employees to use a personal cellphone to get text codes or install work apps to authenticate our work accounts. ...
How about to voice call ?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
=========================================
Available verification methods
When a user signs in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure AD Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
=========================================
Available verification methods
When a user signs in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure AD Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
We're not seeing the option for a voice call. Also, if we did have this option and we use the user's Teams phone number as the voice call (since there is no cellphone and there is no office line as that is also Teams Auto Attendant), what happens when Teams needs to reauthenticate? Will the incoming call still work when the app won't launch because it needs to be reauthenticated?
We, nor most people anymore, have an office line with a receptionist that can answer.
We, nor most people anymore, have an office line with a receptionist that can answer.
- Agree with MG! It seems there is a huge oversight (or perhaps undersight) by Microsoft on this. Recently, I've even had MFA options that are indeed set up on my account not even get presented as an option. This is super frustrating and I think it's going to drive people away from using MFA. It's like the old joke "User: I cannot log into my email, my password is bad. Support: Check your email for the new password."
- You could consider using hardware tokens for MFA, this feature is currently in Preview: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens#oath-hardware-tokens-preview
You could purchase and distribute those tokens to your users, so they don't need to use a mobile phone. They use the token instead.- There are plenty of hardware tokens available that are compatible with Microsoft - e.g. https://deepnetsecurity.com/authenticators/one-time-password/safeid/hardware-mfa-tokens-office-365-azure-multi-factor-authentication/
You will need to ensure that they are TOTP tokens (either 30 or 60 seconds), that you upload the seed data to Microsoft (including UPN details), and activate the tokens.
