Change default MFA verification method for new users

Stavros 20 Reputation points
2023-03-27T22:05:21.9766667+00:00

Ever since combined registration for MFA and SSPR was enabled for our tenant, Microsoft Authenticator has become the default verification method for new users. I was wondering if there is a way to change this and make Phone being the default verification method, while allowing Microsoft Authenticator as an alternative.

MicrosoftTeams-image

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,623 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,402 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 103.9K Reputation points MVP
    2023-03-28T07:23:58.4833333+00:00

    There is no way currently to configure a default method, as long as multiple methods are enabled the user can select/use any of them. The preference for Authenticator is due to Security defaults, and similarly we now have the "system-preferred" policy as detailed here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-system-preferred-multifactor-authentication


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.