Authentication Methods - Force two or three methods

Diego Ramírez 60 Reputation points

We are configuring authentication methods in a company. We are in "migration in progress" mode. We are looking for new users to have to register Microsoft Authenticator app and/or SMS for sign-in, then, Email OTP and/or SMS for password reset.

We have enabled Microsoft Authenticator, SMS and Email OTP in Authentication methods section but we have two questions.

First, we know that the Authentication Methods section will be final as of September 2024 and will unify both MFA and SSPF but we do not currently see how to configure for what purpose I want to use each method. We know that there are methods that can be used for both (SMS) and that the "use for sign-in" check can be unchecked, but in the case of the authenticator app we do not see that this is possible. Or if we want to use SMS only for sign-in and not for SSPF we can't do it either.

The second doubt is that in the "registration" field inside a method settings we have the "Optional" value non-editable, without being able to change it. We do not know the reason, we would like for example to be able to force two or three methods when registering a new user and we are only shown optional.


Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,093 questions
0 comments No comments
{count} votes