What are the quotas for sending MFA verification codes via SMS for Azure AD B2C?

Cristina DC 5 Reputation points
2023-03-27T12:50:42.26+00:00

Hi,

We started using MFA for our Azure AD B2C flows and we noticed that we started getting error messages when trying to send verification codes via SMS (this happened when multiple people were testing things on the same B2C tenant and using the MFA a lot). The error messages we are getting are the following:

  • Sometimes we get: You hit the limit on the number of text messages. Try again shortly.
  • Other times we get: The phone number you provided is unreachable.

I was not able to find any documentation where the exact limits are explained. It would be useful to know when the limitation kicks in since we are doing a lot of testing at the moment and we want to know what to expect and how to avoid the issue from happening. From what I can tell there is a limitation at tenant level but also at IP/phone number level.

Could you provide some information about these limits?

Thank you!

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,884 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,798 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 17,866 Reputation points Microsoft Employee
    2023-03-28T16:12:21.9633333+00:00

    @Cristina DC

    Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure AD Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications. You enable multifactor authentication without writing a single line of code.

    As per following Multi-Factor Authentication limits there are no fixed limits (due to security to avoid any attacks) and could be configured from Parent Azure AD and B2C :

    User's image

    AAD:

    User's image

    B2C:

    User's image

    Based upon your statement above we've confirmed that this issue happens due to a throttling done on our side to protect fraudulent activity' or other attacks. There're limits but these ones (for MFA) can't be shared publicly to avoid any threat attempts.

    Please do let me know if you have any further queries. Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.