Hello @Anonymous · Welcome to Q&A platform and thank you for your query.
It is not necessary to have SMS as backup method. You can have phone call as an alternate method and provide a fixed line/landline number as well.
Having SMS/Phone Call as backup options is helpful in situations when you have to:
- Reset your phone to factory defaults
- Uninstall Authenticator app due to frequent app crashes
And you need to setup Authenticator app again without engaging your local IT support which often causes unnecessary delay. Having Additional Security Verification methods is also helpful when you don't have internet access and can't receive app notifications but still want to access your applications.
Keep in mind, MFA is a combination of below in this case:
- What you know - Password
- What you have - Phone
If one of these is missing, account can't be compromised. SIM swap or SIM duplication will help only when your password is compromised too.
WHY does Microsoft force you to add a backup method when setting up SSPR?
This setting is configurable. You can choose number of methods required to reset password and what methods should be available to the user as highlighted below:
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.