Forum Discussion
SSPR - Disable Phone Call authentication method (SMS ONLY)
Hi folks! Im working with a big client where we are rolling out SSPR combined experience where we in a few weeks are planning to enforce registration with a minimum of 2 authentication methods (...
HelloJBergqvist !
I cant really see a way to block phonecalls but keep SMS if since like Microsoft said, this is by design.
I would suggest that you remove the Phonecall/SMS as a method and just use the app/Verification code as a method.
Or maybe poke around in Conditional access policies to see if it's possible to control it from there.
Spoofing/forwardning numbers is a big issue really, but hard to protect against.
One security setting we've done is to only allow SSPR and MFA registration from inside our country, this to avoide spoofed/forwarded numbers etc.
Hope this helps.
Kind Regards
Oliwer Sjöberg