Forum Discussion
OTP Code via SMS from non microsoft number
Thank you for raising this concerning situation. I would suggest utilizing the Sign-in logs and filtering on the reported users. In there, you can see attributes such as device type, application and location, so you can better understand whether the sign-in attempts are suspicious (for example, an unknown location). Additionally, you may utilize Identity Protection > Report > Risky users/risky sign-ins. Within there, you may see what Azure has supposedly understood about the user's sign-in, determine if it's a threat actor and remediate by changing the password for the user.
Relevant Document: https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard
Let me know if questions arise or how it goes.
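One way to carry out the sign-in log review suggested in the reply above, as an added example that is not part of the thread. The field names follow the Microsoft Graph signIn resource; the records, user names, the 30-minute window and the helper names (`rec`, `parse`, `triage`) are constructed assumptions.

```python
from datetime import datetime, timedelta

def rec(upn, ts, app, country, os_name, err):
    # Builds a record shaped like a Microsoft Graph signIn object (subset of fields).
    return {"userPrincipalName": upn, "createdDateTime": ts, "appDisplayName": app,
            "location": {"countryOrRegion": country},
            "deviceDetail": {"operatingSystem": os_name}, "status": {"errorCode": err}}

# Constructed sample data; errorCode 0 is success, non-zero is a failure or interrupt.
SIGN_INS = [
    rec("alice@contoso.example", "2024-10-20T08:00:00Z", "Office 365 Exchange Online", "FR", "Windows 10", 0),
    rec("alice@contoso.example", "2024-10-30T14:00:00Z", "Azure Portal", "BR", "Linux", 50074),
    rec("alice@contoso.example", "2024-10-30T14:10:00Z", "Microsoft Teams", "FR", "Windows 10", 0),
    rec("bob@contoso.example", "2024-10-21T09:30:00Z", "Microsoft Teams", "DE", "iOS", 0),
]
# Constructed: when each user says the unexpected OTP SMS arrived.
REPORTS = {"alice@contoso.example": "2024-10-30T14:05:00Z",
           "bob@contoso.example": "2024-10-30T09:00:00Z"}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def triage(sign_ins, reports, window=timedelta(minutes=30)):
    """Per reported user, list sign-ins near the SMS time with reasons to look closer."""
    out = {}
    for upn, sms_ts in reports.items():
        sms_at = parse(sms_ts)
        mine = sorted((s for s in sign_ins if s["userPrincipalName"].lower() == upn.lower()),
                      key=lambda s: s["createdDateTime"])
        # Baseline: what earlier successful sign-ins looked like for this user.
        base = [s for s in mine if s["status"]["errorCode"] == 0
                and parse(s["createdDateTime"]) < sms_at - window]
        countries = {s["location"]["countryOrRegion"] for s in base}
        systems = {s["deviceDetail"]["operatingSystem"] for s in base}
        out[upn] = []
        for s in mine:
            if abs(parse(s["createdDateTime"]) - sms_at) > window:
                continue  # not close enough to the reported SMS time
            reasons = []
            if s["location"]["countryOrRegion"] not in countries:
                reasons.append("unknown location")
            if s["deviceDetail"]["operatingSystem"] not in systems:
                reasons.append("unknown device type")
            out[upn].append({"time": s["createdDateTime"], "app": s["appDisplayName"],
                             "errorCode": s["status"]["errorCode"], "reasons": reasons})
    return out
```

An empty list for a user means no sign-in attempt was logged within the window around the reported SMS time.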
- Rosine_LEROY, Oct 31, 2024, Copper Contributor
Actually, we already investigated the Sign-in Logs and haven't found any suspicious attempts or even unfamiliar successful logons for the accounts that received these OTP SMS from a non-Microsoft phone number. We would like to know if it is normal (expected) to receive an OTP code from a non-Microsoft number, from WhatsApp, from SIMBoss ... ?
Many thanks in advance for your answers. Kind regards, Rosine
- ehalmiTke, Nov 01, 2024, Copper Contributor
Hello,
Microsoft usually doesn't send OTP codes over third parties such as WhatsApp. This may be simple SMS phishing, especially if there is a link or urgency.
SMS OTP is always sent over a phone number and it looks like the following:
Use verification code ###### for Microsoft authentication.
- DORDI, Feb 04, 2026, Copper Contributor
I would like to note that, as someone responsible (among other things) for user authentication through Entra ID, I can confirm that Microsoft does often send verification codes via WhatsApp, and not always with the sender ID displayed as “Microsoft”.
We would also appreciate understanding the criteria Microsoft uses to decide whether an OTP is sent through WhatsApp or SMS, and which messaging provider is used in each case.
We frequently receive complaints from users who do not receive their verification code, and currently we have no visibility into whether Microsoft attempted to send the code via regular SMS or via WhatsApp, nor the reason why the user did not receive the message.
Any guidance or documentation that clarifies this flow would be very helpful.