O365 - MFA - SMS deletion - question about alternatives

Good morning,

First of all, sorry if my English is not good; I go through a translator.

Concerning Office 365, Microsoft announces very soon the end of the MFA by voice and SMS (in summary: removal of the channel by telephone network operator because not secure).

https://m365admin.handsontek.net/changes-to-the-registration-campaign-feature-in-azure-ad/

Microsoft strongly recommends the use of Microsoft Authenticator, available only on smartphones.

So far I have seen that we can exclude users from the "change method" campaign. But I imagine that at some point this will no longer be possible (as was the case for the transition to modern authentication).

Problem: Legally impossible to impose the use of smartphones by our customers. However, Microsoft Authenticator is not available on PC.

I have seen other solutions such as ADFS with authentication by certificate, but with our small customers it will not pass.

Currently I use this application solution with OTP code for small customers, which has the advantage of being installed on a PC unlike Microsoft Authenticator:

https://deepnetsecurity.com/otp-authenticator-app/

Issues:

1 - Will this type of application (OTP challenge) continue to operate based on Microsoft's actions this summer aimed at strengthening the security of their authentication?

2 - Do we know until when we can exclude users from the "change of method" campaigns planned from July 10, 2023?

Thanking you in advance for your answers

7 Replies
Microsoft is not disabling the voice/SMS methods currently, they are simply recommending that you switch to another method, where possible. You can opt out of the changes, and for the time being, there is no date that you should be concerned with.

@MrWhiteFr 

Office is not going to suspend yet

@Kidd_Ip 

Hello gentlemen,

First of all, thank you for your reassuring feedback.

On the other hand, if today Microsoft does not remove the MFA by SMS, we can be sure that it will happen in the medium term. This is what happened for the obligation to switch to Modern authentication.

We can see here in the post of Mr. Alex Weinert the firm intention of Microsoft to rule out the use of SMS:

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/it-s-time-to-hang-up-on-phone-t...

Also this MFA method change campaign on July 10, 2023 bears witness to this.

The problem is that switching methods for a large number of users can take time. So if we had an idea of the timeframe, that would help us a lot.

Does anyone have any idea when Microsoft will completely cut this method? In 6 months? 1 year? 2 years?

Have a nice day and thank you in advance

When they do decide to pull the plug on it, they will announce it well in advance, including on the Azure AD blog you referenced above.
I've been testing a fairly cheap Thetis Pro FIDO2 Security Key (from Amazon https://www.amazon.co.uk/dp/B0BJP64YTT ) which so far has worked, but still early days. Maybe have a look at those.

Rob

Good morning,

Thank you all for your responses.
And sorry for the delay in my response, I was on vacation.

@Kat-UK
Thank you for your feedback, we have actually tested this type of model, I like this alternative. On the other hand, for the moment, our customers have not yet wanted it. They are afraid that users will lose them. But yeah that's a good idea.

@PaVee:
Thank you, great news, I will test. For the moment I do not understand the difference with the authentication by voice call that Microsoft wishes to remove with the SMS. But I will test and I will return here in this forum.

Good day

Good morning,

I come back to this subject because according to communication MC611686 from Microsoft, the new Voice OTP authentication method was to be available in August 2023 for users using the MFA SMS or call method.

Currently at the end of August I still do not see any communication from Microsoft to announce the availability of Voice OTP.
And when I check on the user side by adding an MFA method to their account, nothing new.

Do you have any news about the release of the Voice OTP method?

Also I see this will be available for users benefiting from "Microsoft Entra". I have a doubt on the subject. Do users who have subscribed to an Office 365 (Business Basic or Exchange Online P1 for example), benefit from "Microsoft Entra" and therefore benefit from Voice OTP?

Thanking you in advance