Share via

MFA - no "I want to set up a different method" option during first user logon

Anonymous
2021-01-21T07:58:53+00:00

Hi,

we have Microsoft 365 Business Basic and Standard licenses on our tenant and Security defaults option enabled:

Now, when I reset MFA settings for user:

on his next logon, he get prompt for install Authenticator app:

There is no "I want to set up a different method" option at the bottom on the screen that I saw here:

What do I have to do, so that users are not forced to use the application and can choose a different method?

Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-01-22T12:44:30+00:00

    Based on my test, admin first need to make sure all necessary verification options enabled to users. Go to Multi-Factor Authentication > service settings > Under verification options, check all of the boxes for methods available to users. Reference for you: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted#choose-verification-options

    During MFA verification, if the user account has not registered for MFA before, Azure AD will prompt the user to complete MFA registration first – “Your organization needs more information to keep your accounts secure”.

    Hi Linda, thanks for the answer. Up to this point is fine. But after clicking next, this screen appears:

    As you can see, there is no option for choose another method.

    Of course, all methods are allowed in the service settings and the authentication phone number has been entered in the user's account.

    6 people found this answer helpful.
    0 comments
  2. Anonymous
    2021-01-25T14:16:33+00:00

    Hi Linda,

    You need to know that the user has already entered a phone number before:

    Then I added two alternate methods (I had to turn on the preview experience first, otherwise it was impossible to add a method): Mobile and Office phone.

    When logging in for the first time, the user is immediately asked to authenticate with the method that is first on the list, and the window looks like this:

    Now he can click and choose another method.

    The worst part is that:

    1.these methods are not automatically copied from the user's Active Direcotry account (he has his office and mobile phone number entered there)

    2.after selecting Require re-register MFA, previously added methods are deleted:

    2 people found this answer helpful.
    0 comments
  3. Anonymous
    2021-01-23T08:25:37+00:00

    Hi amimeu,

    Based on the first picture you shared, I noticed that it said” Your organization requires the following authentication methods to be set up”. I think this means that you only provided the user with an authentication method. So, please check the user’s authentication method from the Azure portal, reference for you: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings#add-authentication-methods-for-a-user

    Thanks,

    Linda

    1 person found this answer helpful.
    0 comments
  4. Anonymous
    2021-01-21T10:04:07+00:00

    Hi amimeu,

    Based on my test, admin first need to make sure all necessary verification options enabled to users. Go to Multi-Factor Authentication > service settings > Under verification options, check all of the boxes for methods available to users. Reference for you: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted#choose-verification-options

    During MFA verification, if the user account has not registered for MFA before, Azure AD will prompt the user to complete MFA registration first – “Your organization needs more information to keep your accounts secure”.

    After clicking Next, the user will be asked to choose from a list of verification methods. See my screenshot, we can choose ‘Authentication phone’ or ‘mobile app’. If you do not want to use authentication app, you can select ‘Authentication phone’.

    Image

    In addition, we can add authentication methods for a user via the Azure portal: 

    Manage authentication methods for Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs

    Best Regards,

    Linda

    1 person found this answer helpful.
    0 comments
  5. Anonymous
    2021-01-26T22:53:40+00:00

    Hi amimeu,

    Please refer to the suggestion in Private Message. Your understanding is highly appreciated.

    Thanks,

    Linda

    0 comments