Forum Discussion

StephanGee's avatar
StephanGee
Steel Contributor
Mar 24, 2023

Phase out text message / SMS for MFA (no hard break)

Hi everyone,

 

is it possible to phase out SMS in rings? We still have too many users using text message as their first auth method.

We are "nudging" and we are sending campaings "how to change", but we want to get the last ones to change.

Is there any way to just restrict the usage of SMS in ring - so the first ring is 500 employees. The next one 1000 etc. Instead of just switching it to off? We would expect a high amount of service desk calls if we just switch it off.

 

Best regards

Stephan

 

  • StephanGee 

    you can run through this scenario .  

    1. Split the users into security groups , group phase 1 , group phase 2 , etc 
    2. Create an new authentication strength  and select only Password + Microsoft authenticator   

       


       

    3. Create a conditional access policy and target the apps you want and the group of phase 1 for example and in the grant option select Require authentication strength that you created 

       

      is that way you are asking the users to user Microsoft authenticator push notification or password code to validate their MFA . make sure to exclude from any other policy for MFA 

       

    Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

  • which MFA currently you are using the MFA through conditional access policy or the per user MFA ?
      • eliekarkafy's avatar
        eliekarkafy
        MVP

        StephanGee 

        you can run through this scenario .  

        1. Split the users into security groups , group phase 1 , group phase 2 , etc 
        2. Create an new authentication strength  and select only Password + Microsoft authenticator   

           


           

        3. Create a conditional access policy and target the apps you want and the group of phase 1 for example and in the grant option select Require authentication strength that you created 

           

          is that way you are asking the users to user Microsoft authenticator push notification or password code to validate their MFA . make sure to exclude from any other policy for MFA 

           

        Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

Resources