MFA secondary call getting stuck in VOIP auto-receptionist

Copper Contributor

Can we fix (so we can predict) the originating telephone number for MS authentication calls?


For our small office, I want to configure Office 365 MFA's secondary validation method as being a call into our office number. (I know we can use the authenticator app but, for one particular account, that isn't the best solution for us). However, we have an auto-receptionist on our VOIP system with the result that authentication calls from MS time-out whilst in the queue.


I can create a rule on our VOIP system which will allow MS authentication calls to by-pass the auto-receptionist: inbound authe tication calls would be directed to a particular handset and, from MS' perspective, the call would only be "answered" when someone pickes up that handset (i.e. the auto-receptionsit would not intervene).


My issue is that we need to specify the originating caller ID/phone number in the rule. Our tests have shown that calls from MS originate from a range of numbers.


Hence, my question: is there a way to fix the originating number MS will use, so that I can configure my VOIP rule?




1 Reply
I had the same problem with some of my users who did not want to install company apps on their personal phones. I ended up purchasing a hardware-based MFA token because we also had an auto-receptionist that was not compatible (same as you).
There is a place to configure the source caller ID in Azure here:
But I don't know if this is only for the older Azure MFA server product which is being retired or if it will also work for your Azure AD cloud user. Give it a try and let us know if it worked.
Otherwise, your last resort is the hardware token.
There are many options in the market. The one that I ended up selecting is called Token2, because it was only twenty dollars and is compatible with Azure AD so there is no local server to install.
And then the instructions are here:
(The instructions above require Azure AD Premium P1).
If you don't have Azure AD Premium P1 then you need to purchase a USB NFC Burner so you can associate the random number seed on the token with azure as described in the instructions here:

If this was helpful please mark as best answer, thanks!