Aug 22 2021 08:16 AM
Hello,
I have an issue with MFA within my tenant. We have been using SMS-based MFA for some time now. We would like to move to the Microsoft Authenticator app for MFA.
But for some reason, when a user goes to his/her "Security info" page, they see the "Default sign-in method:" as "Phone text".
The Authenticator app is configured for a user, but they cannot set it as default.
As an administrator for the tenant, what should I do to enable our users to use the Microsoft Authenticator app as the default authentication method?
Aug 22 2021 11:21 AM - edited Aug 22 2021 11:41 AM
Hello, the easy and quick way is to enable Security defaults: Azure Active Directory security defaults | Microsoft Docs (only the Authenticator app). But if you're using a subscription with Conditional Access for more granular control, you should enter the Azure AD MFA settings to verify the authentication methods you provide to your users: Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs
Set up the Microsoft Authenticator app as your verification method - Azure AD | Microsoft Docs
Aug 23 2021 04:21 AM
@ChristianJBergstrom Thanks for the reply.
I checked and confirmed that Security defaults is turned on. There is no Conditional Access set up. All licenses are either Business Basic or Business Standard. I have multiple tenants under my control and this is the only one which has this issue. Like I said, users can set up the Microsoft Authenticator app, but cannot set it as the default sign-in method.
Aug 23 2021 04:46 AM - edited Aug 23 2021 05:14 AM
Do you see the Change link here or only "Phone" (instead of below Authenticator)?
https://mysignins.microsoft.com/security-info
What makes me wonder is "these free security defaults allow registration and use of Azure AD Multi-Factor Authentication using only the Microsoft Authenticator app using notifications."
Thinking you might hit a bug or something. Perhaps raise a case with Microsoft?
Aug 23 2021 05:39 AM
Solution
Aug 23 2021 05:50 AM
Aug 23 2021 05:56 AM
Aug 23 2021 06:59 AM
Jun 06 2022 08:46 AM
Mar 07 2023 05:18 AM
Unless you're using Conditional Access Policies to require MFA to log into Teams as well via Modern Auth client Apps - then you're in a world of hurt as you'll need to Authenticate via MFA in order to log into Teams to get your codes (chicken and egg scenario)