We have enabled MFA for the bigger part of our users and noticed a few misconfigurations. We would like to prevent users from changing their own "security info" so only admins could enter their mobile phone numbers for MFA.
Why?
We noticed some users using non-company-owned mobile phone numbers for MFA and this is a security hole that is not acceptable by company policies. Check screenshots.
Also, we would like to use the same phone number that is provided in the user's contact information on the o365 user's card. But in the Azure portal, there is a second setting to add a mobile phone number for the MFA authentication method. Is there an option to use the phone number provided in the o365 users' contact information?
Why?
Imagine when our HR manager adds a new user to o365 and we as admins need to manually add a mobile phone number via azure admin portal at users authentication method settings.