Setting only one required Authentication Method in Azure MFA

Tarald Johansen 21 Reputation points
2021-11-05T14:44:30.08+00:00

Hi everyone,

I'm setting up MFA for our cloud-based Azure AD / Office 365 environment, and have setup a Conditonal Access Policy to enable MFA for cloud applications outside of the organisations internal networks.

I have enabled ONLY text message as an authentication method, but when I then try to login to a user outside the network to prompt activating the MFA, I first need to enter a phone number (as intended) but also a second method using the Microsoft Authenticator app (which is a disabled method).

Is it possible to configure MFA so that when a user is prompted to setup MFA, they will only need to add the one enabled method being code by text and have the second option completely removed?

I do not wish to use the Authenticator App, and emails are not an option as we do not want our users to receive access codes to their personal emails since it is not allowed to enter an email within the organisation itself.

Thank you in advance.

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,318 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2021-11-05T15:58:55.53+00:00

    Hi @Tarald Johansen • Thank you for reaching out.

    I suspect that you are required to provide 2 authentication methods because of SSPR. When you hit the Next button on the "More Information Required" page, it is checked that whether SSPR is enabled for the user account or not. If SSPR is enabled, the user will have to provide Authentication Method for both MFA and SSPR, refer to below flow chart:

    146877-image.png

    To change the number of methods required for SSPR, navigate to Azure AD > Password Reset > Authentication Methods and make sure Mobile app notification/code is unchecked.

    146810-image.png

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 94,366 Reputation points MVP
    2021-11-05T15:40:01.507+00:00

    Have you checked the methods configured for SSPR (https://portal.azure.com/#blade/Microsoft_AAD_IAM/PasswordResetMenuBlade/AuthenticationMethods), as the registration process is now unified between the two.

    0 comments