System-preferred MFA not (quite) working as expected

So I've run into an interesting issue in my tenant today while checking some reports on the usage of various authentication methods.


We enabled system-preferred MFA for all our users a few months back. Of the approx. 4K users that have MS Authenticator installed and configured (where some are capable of passwordless as well), it seems that over 20% of those users still have SMS as the Default sign-in method registered.


Any idea what might be the cause of this? Where/how to investigate this further?

Is there a configuration we missed, or is system-preferred MFA a little buggy still? Thanks for the feedback! 

If a user registered both SMS and Microsoft Authenticator push notifications as methods for MFA, system-preferred MFA prompts the user to sign in by using the more secure push notification method.


Yes, I'm aware of how it should work, it's just that it doesn't affect all our users as I described above. :smile:
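One way to investigate the question raised in this thread, as an added example that is not from any poster: the script below triages rows exported from the Microsoft Graph `userRegistrationDetails` report, separating each user's registered default from what the report lists as the system-preferred method. The sample rows, the `contoso.example` names and the category labels are constructed, and the exact enum values are an assumption to check against a real export.

```python
from collections import Counter

# Method names as they appear in methodsRegistered (assumption: verify against your export).
AUTHENTICATOR = {"microsoftAuthenticatorPush", "microsoftAuthenticatorPasswordless"}

# Constructed sample rows shaped like userRegistrationDetails records.
SAMPLE = [
    {"userPrincipalName": "a@contoso.example",
     "methodsRegistered": ["mobilePhone", "microsoftAuthenticatorPush"],
     "userPreferredMethodForSecondaryAuthentication": "sms",
     "isSystemPreferredAuthenticationMethodEnabled": True,
     "systemPreferredAuthenticationMethods": ["push"]},
    {"userPrincipalName": "b@contoso.example",
     "methodsRegistered": ["mobilePhone", "microsoftAuthenticatorPush"],
     "userPreferredMethodForSecondaryAuthentication": "sms",
     "isSystemPreferredAuthenticationMethodEnabled": False,
     "systemPreferredAuthenticationMethods": []},
    {"userPrincipalName": "c@contoso.example",
     "methodsRegistered": ["mobilePhone", "microsoftAuthenticatorPasswordless"],
     "userPreferredMethodForSecondaryAuthentication": "sms",
     "isSystemPreferredAuthenticationMethodEnabled": True,
     "systemPreferredAuthenticationMethods": ["sms"]},
    {"userPrincipalName": "d@contoso.example",
     "methodsRegistered": ["microsoftAuthenticatorPush"],
     "userPreferredMethodForSecondaryAuthentication": "push",
     "isSystemPreferredAuthenticationMethodEnabled": True,
     "systemPreferredAuthenticationMethods": ["push"]},
]

def classify(row):
    """Bucket one user whose registered default is SMS despite having Authenticator."""
    default = (row.get("userPreferredMethodForSecondaryAuthentication") or "").lower()
    registered = set(row.get("methodsRegistered") or [])
    if default != "sms" or not (registered & AUTHENTICATOR):
        return "not_in_scope"
    if not row.get("isSystemPreferredAuthenticationMethodEnabled"):
        return "policy_not_applied"   # check policy targeting/exclusions for this user
    preferred = {m.lower() for m in row.get("systemPreferredAuthenticationMethods") or []}
    if preferred and "sms" not in preferred:
        return "default_only"         # SMS is only the registered default in the report
    return "needs_review"             # report still lists SMS (or nothing) as preferred

def summarize(rows):
    """Count users per bucket."""
    return Counter(classify(r) for r in rows)

if __name__ == "__main__":
    for bucket, count in sorted(summarize(SAMPLE).items()):
        print(f"{bucket}: {count}")
```
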