Feb 04 2021
- last edited on
Jan 14 2022
We support multiple MFA methods Authenticator app, text, call.
Is there a way to set Microsoft Authenticator as the default MFA Method and do not allow users to "delete/remove" it?
Feb 04 2021 10:59 AM
@JamesRV Hi, you can choose the available options in the MFA service settings Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs
And you also have the preview Passwordless sign-in with the Microsoft Authenticator app - Azure Active Directory | Microsoft Docs
Feb 04 2021 02:41 PM
Thank you for your response. I do know how to enable MFA methods.
We are trying to see if we can "Force Authenticator as a method that cannot be removed."
When you have multiple options available like authenticator/text/phone call the user can "delete/remove" authenticator and use only text/phone.
We want to ensure that Authenticator is Always the primary and couple of other options as secondary.
I do not see any documentation to be able to do this.
Feb 04 2021 03:30 PM
Jul 14 2021 02:40 PM
Sep 03 2021 05:02 AM
@Mondas Perhaps this will help you in solving or in finding a solution to your problem! https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/please-add-api-for-set-or-ch...
Jun 30 2022 08:29 AM
exact same problem... despite I advertised in red, in mail, in videos remained twice by mail to select that "mobile application" choice...
every one in the first 50s people we deployed have gone through the mobile phone choice (SMS) and not "mobile application".
As far as they don't consider them selves as engineer, people usally don't make the intellectual effort of understanding the difference, they see "mobile" in the text, that's it !
We have set a policy to only allow authentication through the app... but still that **bleep** "mobile phone" text appears in first in the list...
Don't know what will happened at the end of the 14 days grace period for them. Or i guess my telephone will be ringing a lot !
Jul 06 2022 01:35 PM