cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Upcoming changes to managing MFA methods for hybrid customers
By
Alex Simons (AZURE)
Published Jan 28 2021 09:00 AM 17.1K Views
Alex Simons (AZURE)
Microsoft
‎Jan 28 2021 09:00 AM

Upcoming changes to managing MFA methods for hybrid customers

‎Jan 28 2021 09:00 AM

Howdy folks!

 

In November, I shared that we’re simplifying the MFA management experience to manage all authentication methods directly in Azure AD. This change has been successfully rolled out to cloud-only customers. To make this transition smooth for hybrid customers, starting February 1, 2021, we will be updating the authentication numbers of synced users to accurately reflect the phone numbers used for MFA.

 

Daniel Wood, a Program Manager on the Identity Security team will share the details of this change for hybrid customers. As always, please share your feedback in the comments below or reach out to the team with any questions.

 

Best regards,

Alex Simons (Twitter: Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division

 

 

---------------------------------------------------------

 

 

Hi everyone,

 

It’s never been more important to enforce MFA. As part of our efforts to make hybrid MFA deployments simpler and more secure, we’ll be updating empty authentication numbers with users’ public phone numbers if those numbers are being used for MFA. This change doesn’t affect the end user experience, but here’s what you’ll see as an admin after February 1:

 

Changes to user records

Starting February 1, 2021, for synced users who are using public profile numbers for MFA, Microsoft will copy the public number to users’ corresponding authentication number. Once the authentication number is populated, the MFA service will call that authentication number, instead of the public number. Microsoft will copy subsequent changes to the public number over to the authentication number until May 1, 2021 (except deletions of the public number).

 

Managing users’ authentication numbers

Going forward, you can manage your users’ authentication numbers directly in Azure AD using:

 

1. The user authentication methods UX

bh1.png

 

2. Microsoft Graph authentication methods APIs

bh2 (3).png

 

 

3. Microsoft.Graph.Identity.Signins PowerShell module

bh3 (2).png

 

 

4. End users can update their authentication numbers in the security info tab of MyAccount.

bh4.png

 

 

We hope these changes will significantly simplify how users and admins manage their authentication methods while enhancing security. Please let us know your thoughts by leaving a comment below.

 

Best,

Daniel Wood (Twitter: Daniel_E_Wood)

Program Manager,

Microsoft Identity Division

 

10 Comments
Version history
Last update:
‎Aug 19 2021 04:22 PM
Updated by: