Forum Discussion
MFA without a Cellphone
This is becoming a bigger issue more and more. We cannot, as a company, require our Employees to use a personal cellphone to get text codes or install work apps to authenticate our work accounts. ...
How does setting up a secondary email account for password resets relate to MFA? Our issue is as soon as you enable MFA on an account, you only have 2 options: Authenticator App or Mobile Phone number. You cannot enter an email address during the setup.
How about to voice call ?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
=========================================
Available verification methods
When a user signs in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure AD Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
=========================================
Available verification methods
When a user signs in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure AD Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
- We're not seeing the option for a voice call. Also, if we did have this option and we use the user's Teams phone number as the voice call (since there is no cellphone and there is no office line as that is also Teams Auto Attendant), what happens when Teams needs to reauthenticate? Will the incoming call still work when the app won't launch because it needs to be reauthenticated?
We, nor most people anymore, have an office line with a receptionist that can answer.- Agree with MG! It seems there is a huge oversight (or perhaps undersight) by Microsoft on this. Recently, I've even had MFA options that are indeed set up on my account not even get presented as an option. This is super frustrating and I think it's going to drive people away from using MFA. It's like the old joke "User: I cannot log into my email, my password is bad. Support: Check your email for the new password."
- You could consider using hardware tokens for MFA, this feature is currently in Preview: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens#oath-hardware-tokens-preview
You could purchase and distribute those tokens to your users, so they don't need to use a mobile phone. They use the token instead.
For OATH authentication do we have software token method? Vicks1x365
