There is no way currently to configure a default method, as long as multiple methods are enabled the user can select/use any of them. The preference for Authenticator is due to Security defaults, and similarly we now have the "system-preferred" policy as detailed here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-system-preferred-multifactor-authentication
Change default MFA verification method for new users
Stavros
20
Reputation points
Ever since combined registration for MFA and SSPR was enabled for our tenant, Microsoft Authenticator has become the default verification method for new users. I was wondering if there is a way to change this and make Phone being the default verification method, while allowing Microsoft Authenticator as an alternative.