There is no way currently to configure a default method, as long as multiple methods are enabled the user can select/use any of them. The preference for Authenticator is due to Security defaults, and similarly we now have the "system-preferred" policy as detailed here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-system-preferred-multifactor-authentication
Change default MFA verification method for new users
Stavros
40
Reputation points
Ever since combined registration for MFA and SSPR was enabled for our tenant, Microsoft Authenticator has become the default verification method for new users. I was wondering if there is a way to change this and make Phone being the default verification method, while allowing Microsoft Authenticator as an alternative.
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
9,173 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
25,049 questions
Accepted answer
-
Vasil Michev 119.3K Reputation points MVP Volunteer Moderator
2023-03-28T07:23:58.4833333+00:00