MFA secondary call getting stuck in VOIP auto-receptionist

Occasional Visitor

Can we fix (so we can predict) the originating telephone number for MS authentication calls?

 

For our small office, I want to configure Office 365 MFA's secondary validation method as being a call into our office number. (I know we can use the authenticator app but, for one particular account, that isn't the best solution for us). However, we have an auto-receptionist on our VOIP system with the result that authentication calls from MS time-out whilst in the queue.

 

I can create a rule on our VOIP system which will allow MS authentication calls to by-pass the auto-receptionist: inbound authe tication calls would be directed to a particular handset and, from MS' perspective, the call would only be "answered" when someone pickes up that handset (i.e. the auto-receptionsit would not intervene).

 

My issue is that we need to specify the originating caller ID/phone number in the rule. Our tests have shown that calls from MS originate from a range of numbers.

 

Hence, my question: is there a way to fix the originating number MS will use, so that I can configure my VOIP rule?

 

 

 

1 Reply
I had the same problem with some of my users who did not want to install company apps on their personal phones. I ended up purchasing a hardware-based MFA token because we also had an auto-receptionist that was not compatible (same as you).
There is a place to configure the source caller ID in Azure here:
https://portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/PhoneCallSettin...
But I don't know if this is only for the older Azure MFA server product which is being retired or if it will also work for your Azure AD cloud user. Give it a try and let us know if it worked.
Otherwise, your last resort is the hardware token.
There are many options in the market. The one that I ended up selecting is called Token2, because it was only twenty dollars and is compatible with Azure AD so there is no local server to install.
https://www.token2.com/shop/product/token2-c301-programmable-keyfob-token-with-restricted-time-sync
And then the instructions are here:
https://www.token2.com/site/page/classic-hardware-tokens-for-office-365-azure-cloud-multi-factor-aut...
(The instructions above require Azure AD Premium P1).
If you don't have Azure AD Premium P1 then you need to purchase a USB NFC Burner so you can associate the random number seed on the token with azure as described in the instructions here:
https://www.token2.com/shop/page/hardware-tokens-for-azure-cloud-multi-factor-authentication

If this was helpful please mark as best answer, thanks!