Forum Discussion

7 Replies

  • ChristianBergstrom's avatar
    ChristianBergstrom
    Silver Contributor
    Feb 04, 2021

    JamesRV Hi, you can choose the available options in the MFA service settings https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#mfa-service-settings

     

    And you also have the preview https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone

    • JamesRV's avatar
      JamesRV
      Brass Contributor
      Feb 04, 2021

      ChristianBergstrom 
      Thank you for your response.  I do know how to enable MFA methods. 

      We are trying to see if we can "Force Authenticator as a method that cannot be removed." 

      When you have multiple options available like authenticator/text/phone call the user can "delete/remove" authenticator and use only text/phone.  
      We want to ensure that Authenticator is Always the primary and couple of other options as secondary.

      I do not see any documentation to be able to do this.

      • ChristianBergstrom's avatar
        ChristianBergstrom
        Silver Contributor
        Feb 04, 2021
        Well, if you remove the other options under MFA service settings.

        From the Preview link.
        ”Azure AD lets you choose which authentication methods can be used during the sign-in process. Users then register for the methods they'd like to use.”

        You can always select the ”Use a password instead” link on the sign-in page to switch back to using your password, and the other way around.

        https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-auth-app-sign-in

Resources