Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Users being prompted for phone despite methods being disabled

Copper Contributor

Recently we pushed a change to disabled authentication with anything except MS Auth app, software OATH, or FIDO2. Despite this, some users (no discernable correlation between them), are being prompted to register their phone number when signing in, and they are still not allowed to use the phone methods (SMS/Voice call) for sign in.

Checking the evaluated authentication policy for these users shows the "Status" for phone methods as being Enabled, however clicking the settings for SMS shows that the method is not usable for sign in.

Just wondering if anyone has experienced similar and would know how to prevent users from being prompted for phone registration in future.

2 Replies
Do you have Registration policy enabled for Password Reset by any chance?
I did check this - we disabled all legacy SSPR + authentication methods, and this includes password reset registration.