cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MFA without a Cellphone

luvsql
Super Contributor

‎Mar 09 2021 12:51 PM

‎Mar 09 2021 12:51 PM

MFA without a Cellphone

This is becoming a bigger issue more and more.  We cannot, as a company, require our Employees to use a personal cellphone to get text codes or install work apps to authenticate our work accounts.

 

We supply these users with a Business Voice license so they can make business calls and accept business calls.

 

All of our employees have corporately paid laptops running Windows 10 and all have SharePoint, Email, OneDrive, Teams etc.

 

Microsoft does not offer the authenticator app on Windows 10 so we can't use that method.

So what do we do?  Leave all these accounts vulnerable?  I've read about using "landlines" for authentication then Microsoft says that's not secure but then provides no guidance on exactly how we're supposed to do this.  

 

We cannot be expected to pay for a cellphone for all these users just to use one app. That's ridiculous.  

Labels:
125K Views
2 Likes
72 Replies
Reply
72 Replies
PJAngert005

‎Dec 06 2022 12:39 PM

‎Dec 06 2022 12:39 PM

Re: MFA without a Cellphone

@Danny69 Except that both come back to being tied to a mobile device versus other software authentication, which defeats the point of the conversation.

0 Likes
Reply
sathiyatam26

‎Dec 06 2022 01:08 PM

‎Dec 06 2022 01:08 PM

Re: MFA without a Cellphone

looking for 3rd party authenticator app, it should not open source
Except MS authenticator because users are not allowing to user mobile phone
0 Likes
Reply
Thinker1800

‎Jan 04 2023 07:27 AM - edited ‎Jan 04 2023 07:28 AM

‎Jan 04 2023 07:27 AM - edited ‎Jan 04 2023 07:28 AM

Re: MFA without a Cellphone

@sathiyatam26  @luvsql 
Has anyone found a solution for this problem? I am an employee and want to access MFA, but I seek to do so without using a personal cell phone.

0 Likes
Reply
PJAngert005

‎Jan 04 2023 07:35 AM

‎Jan 04 2023 07:35 AM

Re: MFA without a Cellphone

I don't understand why M$ can't provide a desktop app that provides the same service as the mobile one. Should be a slam dunk really.

0 Likes
Reply
Christopher Knoerzer

‎Jan 04 2023 10:34 AM

‎Jan 04 2023 10:34 AM

Re: MFA without a Cellphone

@PJAngert005

Yes, there is a way.

You can have Windows devices enrolled to Intune (MEM) and use OTP (One-time Password) and FIDO2 Keys. Just recently started down this path with a customer.

 https://www.youtube.com/watch?v=OjfdFPIu2KI

0 Likes
Reply
Christopher Knoerzer

‎Jan 04 2023 10:36 AM

‎Jan 04 2023 10:36 AM

Re: MFA without a Cellphone

Here is a solution to this issue.
https://www.youtube.com/watch?v=OjfdFPIu2KI
0 Likes
Reply
luvsql

‎Jan 04 2023 10:44 AM

‎Jan 04 2023 10:44 AM

Re: MFA without a Cellphone

Do we HAVE to go passwordless for this to work? We have to pre-setup all of our users and their PCs and apps and have to have a password for this to work.
0 Likes
Reply
it-lett

‎Jan 22 2023 02:20 PM

‎Jan 22 2023 02:20 PM

Re: MFA without a Cellphone

For at least some setups, it is possible to use a computer based OTP TOTP/otpauth based authentication system. Microsoft's MFA signup will give a QR code to transfer the "shared secret" to the Authentication App of your choice, and it will also have a "I can't scan the bar code" link that will lead to the "shared secret" that you need.

 

For example, here are instructions on how to set up "OTP Manager" for Microsoft 365 from Laval university: https://www4.fsa.ulaval.ca/en/current-students/apti-help-desk/how-tos-tips/multifactor-authenticatio...

 

Additionally, many password manager programs (such as KeepassXC have TOTP generation built in, so if you give that software the "secret key" it can generate the needed codes. Here are instructions for KeepassXC:

 

https://keepassxc.org/docs/KeePassXC_UserGuide.html#_adding_totp_to_an_entry

 

I am using these methods to do MFA on two of my different Microsoft 365 accounts - one for a small company account, one for a university account. I don't think a cell phone was needed to set either up, but that was a while ago. I DO have a cell number as an alternative method, but I primarily use my password manager to generate the TOPT codes.

 

 

 

 

0 Likes
Reply
saucyknave

‎Mar 31 2023 07:58 AM - edited ‎Mar 31 2023 07:59 AM

‎Mar 31 2023 07:58 AM - edited ‎Mar 31 2023 07:59 AM

Re: MFA without a Cellphone

We're an agricultural manufacturer in North Dakota and I am the entire IT department here. I started getting these same warnings 5 days ago, so Security Defaults are going to be turned on in 10 days. I'm freaking out because we have people working here who don't even HAVE cell phone, and sales reps in the US and Canada. I'm fine if Security Defaults automatically configures to NOT prompt for MFA for anyone on-site (on the local network), but what about my sales reps? By the way, one of my sales reps has a old-school "feature" phone (aka not a smartphone) and is one of the guys who hates new technology.
Something tells me I'm between a rock and a hard place: Either I deal with the ridiculous fallout of forced MFA, or I pay extra to enable Conditional Access and simply turn off MFA across the board. UGH.

1 Like
Reply
tfrain

‎May 22 2023 12:02 PM

‎May 22 2023 12:02 PM

Re: MFA without a Cellphone

I used a Token2 physical token (from a company in Switzerland) that essentially mimics a secondary Auth App (like google authenticator).  When prompted for 2FA, you select alternate authenticator, you scan the QR code into their app, hold the token close to your cell phone and it basically transfers hash to the physical token.  We did not have to upgrade our Azure accts to P1 or P2 because to Azure, you are using Google Authenticator and the like.  Worked great for a user on the floor who didn't have a desk phone for office phone auth, and we don't allow cell phones on the production floor.  Was quick and easy.  You can Google Token2.  There is at least one party who has them on Amazon.   

 

Only issue is when the user is prompted, it tells them to put in their Auth App code.  You just explain to them that it is asking for the number on the token, not something on their phone.

0 Likes
Reply
louis2again

‎May 28 2023 01:39 AM

‎May 28 2023 01:39 AM

Re: MFA without a Cellphone

@tfrain @luvsql @saucyknave @Kidd_Ip @it-lett why has noone suggested Authy? Works like a charm for me.

0 Likes
Reply
it-lett

‎May 28 2023 05:11 AM

‎May 28 2023 05:11 AM

Re: MFA without a Cellphone

@louis2again 

 

I have not considered Authy. A quick search turns up:

 

https://usa.kaspersky.com/blog/2fa-practical-guide/16398/

"The main disadvantage of Authy is that it requires you to set up an account linked to a mobile phone number — otherwise it won't work at all."

 

Since this particular thread is "MFA without a Cellphone" that is probably a non-starter.

1 Like
Reply