Forum Discussion
OTP Code via SMS from non microsoft number
Hi Microsoft Team, Good day! For a few weeks now, many people around me have been receiving their OTP code for MFA via SMS often from unknown senders (non-Microsoft phone number). The sender of the ...
Hello Rosine,
Thank you for raising this concerning situation. I would suggest to utilize Sign-in logs and filtering in the reported users. In there, you may see what attributes such as device type, application and location so you can better understand if the sign-in attempts are suspicious (for example unknown location). Additionally, you may utilize Identity Protection > Report > Risky users/risky sign-ins. Within there, you may see what Azure has supposedly understood about the user's sign-in, determine if it's thread actor and remediate by changing password for the user.
Relevant Document: https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard
Let me know if questions arise or how it goes.
Thank you for raising this concerning situation. I would suggest to utilize Sign-in logs and filtering in the reported users. In there, you may see what attributes such as device type, application and location so you can better understand if the sign-in attempts are suspicious (for example unknown location). Additionally, you may utilize Identity Protection > Report > Risky users/risky sign-ins. Within there, you may see what Azure has supposedly understood about the user's sign-in, determine if it's thread actor and remediate by changing password for the user.
Relevant Document: https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard
Let me know if questions arise or how it goes.