cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Office 365 MFA using code sent to email, instead of getting request on Microsoft Authenticator

john john
Steel Contributor

‎Feb 25 2022 01:53 PM - edited ‎Feb 25 2022 01:55 PM

‎Feb 25 2022 01:53 PM - edited ‎Feb 25 2022 01:55 PM

Office 365 MFA using code sent to email, instead of getting request on Microsoft Authenticator

I am working on a tenant which have 400++ sites, and we need to force this permission settings for external user sharing:-

 

Set the share permissions on all sites to allow for only external users if they are invited by email and requires MFA for a code sent to their email to authenticate

 

So is this something we can achieve, to force the MFA code to be sent to email rather than mobile phone?

 

Second question, If the answer to the above question is Yes, then will this need to be done on the site level or on the tenant level? If this need to be set on each site separately, then can we do this using Power shell, where we can loop through all the sites inside the Power-shell, but how we can set this setting using Power shell?

14.1K Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by john john (Steel Contributor)
Andres Gorzelany

‎Feb 25 2022 04:23 PM

‎Feb 25 2022 04:23 PM

Solution

Re: Office 365 MFA using code sent to email, instead of getting request on Microsoft Authenticator

Hello john john,
The available verification methods are these

Available verification methods
When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. Users can access My Profile to edit or add verification methods.

The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:

Microsoft Authenticator app
Windows Hello for Business
FIDO2 security key
OATH hardware token (preview)
OATH software token
SMS
Voice call

source https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

And about e-mail, it can be used only for password reset:

Email account
Password reset authentication only. You'll need to choose a different method for two-factor verification.

https://support.microsoft.com/en-us/account-billing/set-up-an-email-address-as-your-verification-met...
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by john john (Steel Contributor)
Andres Gorzelany

‎Feb 25 2022 04:23 PM

‎Feb 25 2022 04:23 PM

Solution

Re: Office 365 MFA using code sent to email, instead of getting request on Microsoft Authenticator

Hello john john,
The available verification methods are these

Available verification methods
When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. Users can access My Profile to edit or add verification methods.

The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:

Microsoft Authenticator app
Windows Hello for Business
FIDO2 security key
OATH hardware token (preview)
OATH software token
SMS
Voice call

source https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

And about e-mail, it can be used only for password reset:

Email account
Password reset authentication only. You'll need to choose a different method for two-factor verification.

https://support.microsoft.com/en-us/account-billing/set-up-an-email-address-as-your-verification-met...

View solution in original post

1 Like
Reply