Forum Discussion
Phase out text message / SMS for MFA (no hard break)
you can run through this scenario .
- Split the users into security groups , group phase 1 , group phase 2 , etc
- Create an new authentication strength and select only Password + Microsoft authenticator
- Create a conditional access policy and target the apps you want and the group of phase 1 for example and in the grant option select Require authentication strength that you created
is that way you are asking the users to user Microsoft authenticator push notification or password code to validate their MFA . make sure to exclude from any other policy for MFA
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
Try to use the below default combination that include all the MFA options. Well, the transition phase will take time and we cant avoid some manual work I know but we have to deal with it.
please let me know if its work
sadly not, because the built-in "Multifactor authentication" includes SMS:
so everything works like before.
- Not sure I agree that the an app running an internet connected phone provides stronger security that a self contained hardware token.
PatrickEl Well, I think for the time being you have to use the method I suggested before. but there is a way to identify the users with SMS by navigating to usage and insights in Azure Active Directory where you can filter and download the list.