Forum Discussion
Solved
Office 365 MFA using code sent to email, instead of getting request on Microsoft Authenticator
I am working on a tenant which have 400++ sites, and we need to force this permission settings for external user sharing:-
Set the share permissions on all sites to allow for only external users if they are invited by email and requires MFA for a code sent to their email to authenticate
So is this something we can achieve, to force the MFA code to be sent to email rather than mobile phone?
Second question, If the answer to the above question is Yes, then will this need to be done on the site level or on the tenant level? If this need to be set on each site separately, then can we do this using Power shell, where we can loop through all the sites inside the Power-shell, but how we can set this setting using Power shell?
- Hello john john,
The available verification methods are these
Available verification methods
When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. Users can access My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:
Microsoft Authenticator app
Windows Hello for Business
FIDO2 security key
OATH hardware token (preview)
OATH software token
SMS
Voice call
source https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
And about e-mail, it can be used only for password reset:
Email account
Password reset authentication only. You'll need to choose a different method for two-factor verification.
https://support.microsoft.com/en-us/account-billing/set-up-an-email-address-as-your-verification-method-250b91e4-7627-4b60-b861-f2276a9c0e39
1 Reply
- Hello john john,
The available verification methods are these
Available verification methods
When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. Users can access My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:
Microsoft Authenticator app
Windows Hello for Business
FIDO2 security key
OATH hardware token (preview)
OATH software token
SMS
Voice call
source https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
And about e-mail, it can be used only for password reset:
Email account
Password reset authentication only. You'll need to choose a different method for two-factor verification.
https://support.microsoft.com/en-us/account-billing/set-up-an-email-address-as-your-verification-method-250b91e4-7627-4b60-b861-f2276a9c0e39