SOLVED

MFA, Can not change from SMS to Authenticator app


Hello,


I have an issue with MFA within my tenant. We have been using SMS based MFA for some time now. We would like to move to the Microsoft Authenticator App for MFA.

But for some reason, when a user goes into his or her "Security info" page, they see the "Default sign-in method:" shown as "Phone text".


The authenticator app is configured for a user, but they cannot set it as default.


As an administrator for the tenant, what should I do to enable our users to use the Microsoft Authenticator app as the default authentication method?

9 Replies

Hello, the easy and quick way is to enable Security defaults (Azure Active Directory security defaults | Microsoft Docs), which only allow the Authenticator app. But if you're using a subscription with Conditional Access for more granular control, you should go into the Azure AD MFA settings to verify the authentication methods you provide to your users (Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs).


Set up the Microsoft Authenticator app as your verification method - Azure AD | Microsoft Docs

@ChristianJBergstrom Thanks for the reply.


I checked and confirmed that Security defaults is turned on. There is no Conditional Access set up. All licenses are either Business Basic or Business Standard. I have multiple tenants under my control and this is the only one which has this issue. Like I said, users can set up the Microsoft Authenticator app, but cannot set it as the default sign-in method.

Do you see the "Change" link here, or only "Phone" (instead of Authenticator below)?

https://mysignins.microsoft.com/security-info


What makes me wonder is "these free security defaults allow registration and use of Azure AD Multi-Factor Authentication using only the Microsoft Authenticator app using notifications."


I'm thinking you might have hit a bug or something. Perhaps raise a case with Microsoft?

Solution (best response confirmed by vtekfi)
Hi,
I went and did some more research in the Azure admin center. I found out that under the "Security" section -> "Manage" -> "Authentication Methods", Microsoft Authenticator was turned off.

After enabling it, I can now change the default sign-in method.

Thanks for your help!
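The fix above was done in the portal. As an added example (not from the thread or from Microsoft's docs), the same check and change can be scripted against the Authentication methods policy with the Microsoft Graph PowerShell SDK, which is handy when you manage several tenants and want to confirm none of them has the Authenticator method disabled. It assumes the Microsoft.Graph module is installed, the signed-in admin can consent to `Policy.ReadWrite.AuthenticationMethod`, and the placeholder user `user@contoso.example` is replaced with a real one if you run the last line.

```powershell
# Added example: check whether the Microsoft Authenticator method is enabled in the
# tenant's Authentication methods policy and enable it if not. Requires the
# Microsoft.Graph PowerShell SDK and the Policy.ReadWrite.AuthenticationMethod scope.
#Requires -Modules Microsoft.Graph.Identity.SignIns

function Get-AuthenticatorMethodState {
    # Returns the policy entry for the MicrosoftAuthenticator method.
    # State is 'enabled' or 'disabled'. 'disabled' produces the symptom in this
    # thread: users can register the app but cannot select it as default sign-in.
    Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
        -AuthenticationMethodConfigurationId 'MicrosoftAuthenticator'
}

function Enable-AuthenticatorMethod {
    param(
        # Scope of the rollout: the special id 'all_users' targets the whole tenant;
        # pass a group object id to pilot the change with a smaller set of users.
        [string]$TargetId = 'all_users'
    )

    $body = @{
        '@odata.type'  = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration'
        state          = 'enabled'
        includeTargets = @(
            @{
                targetType             = 'group'
                id                     = $TargetId
                isRegistrationRequired = $false
                authenticationMode     = 'any'   # allow both push notifications and passwordless
            }
        )
    }

    Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
        -AuthenticationMethodConfigurationId 'MicrosoftAuthenticator' `
        -BodyParameter $body
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod' -NoWelcome

$cfg = Get-AuthenticatorMethodState
Write-Host "MicrosoftAuthenticator method state: $($cfg.State)"

if ($cfg.State -ne 'enabled') {
    Enable-AuthenticatorMethod
    Write-Host "Enabled. State is now: $((Get-AuthenticatorMethodState).State)"
}

# Read-only follow-up for one affected user (placeholder UPN): list the methods
# they have registered, so you can confirm the app now appears next to the phone method.
# Get-MgUserAuthenticationMethod -UserId 'user@contoso.example' | Format-Table
```

Running only the `Get-AuthenticatorMethodState` part first is a good habit: it tells you whether the method is disabled tenant-wide or just not targeted at the affected users (compare `$cfg.IncludeTargets`), which are two different fixes.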
Great. No worries. But it seems odd to me that it was turned off when using Security defaults, as the app is the only method. I mean, you didn't have to do this on your other tenants, right? I will probably do a test later on to see the outcome.
Yes, you are correct. This was the only tenant having this issue. The others have worked fine. A bit odd, like you said.
Just tried with a tenant already using Security defaults, that is, I turned it off and also disabled the Authenticator method to see if anything changed in the Authentication methods settings when I turned Security defaults on again. But no. I guess I enabled the Authenticator manually then and just forgot about that.
There is an even easier solution.

I tried Clerk Chat. They enable a non-voip number on Teams and I get all my MFA codes on that number directly on teams.

It's really handy. 😊

@IftyMM_06

Unless you're using Conditional Access policies to require MFA to log into Teams as well (via Modern Auth client apps), in which case you're in a world of hurt, as you'll need to authenticate via MFA in order to log into Teams to get your codes (a chicken-and-egg scenario).
