Share via

SMS Authentification in Azure Active Directory

L.Han 20 Reputation points
2024-11-03T15:44:02.25+00:00

Hello Microsoft Support Team,

I am currently learning Azure services and pursuing opportunities for a traineeship in Azure CI/CD, containerization with Kubernetes, ACR, AKS, and security. I have implemented the Microsoft Authenticator and SMS as authentication methods in my Azure portal (link: https://portal.azure.com/#home) with the account email: ******@gmail.com.

I successfully tested the Microsoft Authenticator; however, I am experiencing an issue with the SMS authentication method. In the Azure Active Directory settings (link: https://portal.azure.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods), I noted that the Microsoft Authenticator is disabled, and SMS authentication is enabled for all users.

During my tests, after entering my password, I expected to receive an SMS for second-factor authentication, but this did not occur. Is this behavior expected under my current settings, or is there an additional configuration that needs to be applied for SMS to function as a second factor?

I appreciate any guidance you can provide on this matter.

Thank you for your assistance!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 23,715 Reputation points Microsoft External Staff Moderator
    2024-11-04T20:47:25.2433333+00:00

    Hello @L.Han,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, I understand that you have enabled Microsoft Authenticator and SMS authentication methods for your user account but are experiencing issues with SMS. In the modern authentication methods, SMS is enabled for all users, while Microsoft Authenticator is disabled.

    Given this setup, only SMS authentication should work. If a user tries to sign in using Microsoft Authenticator, it should not be accepted since it’s disabled in your settings. However, this behavior can be overridden if legacy verification options or legacy authentication methods are still enabled in your tenant, and the migration to modern methods is incomplete.

    Please refer to the screenshot below to check the migration status.

    User's image

    If the migration is marked as completed, only methods from the Modern Authentication Methods policy will be applied. If the status is "in progress" or "pre-migration," legacy verification options may still be used during authentication. You can find these settings under Microsoft Entra ID > Users > Per-User MFA > Service settings > Methods available to users.

    User's image

    Check which methods are enabled in your tenant and troubleshoot accordingly. If you still encounter issues, please let me know, and we can connect offline for further assistance.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.