Share via

Apply only one method of allowing MFA to a test group

Rama 0 Reputation points
2023-06-01T14:27:23.37+00:00

Forum,

How do I apply this below said option to a "test group" and not the entire org.

We want to disable MFA options for "Text message to phone" and "Call to phone", as it can lead to social engineering and possible phone spoofing.

We only want to keep the options in "Blue"

User's image

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2023-06-02T22:55:37.78+00:00

    @Rama

    Thank you for your post!

    I understand that you want to disable some of the per-user MFA phone options and are looking to only apply these options to a Test group and not your entire organization. Unfortunately, when it comes to per-user MFA users are enabled individually, and if you want to apply your MFA options to a single Azure AD group, you'll have to leverage Conditional Access Policies.

    Please note that enabling Azure AD MFA using Conditional Access policies is the recommended approach to protect users. Additionally, in March 2023, we announced the deprecation of managing authentication methods in the legacy multifactor authentication (MFA) and self-service password reset (SSPR) policies. For more info.

    User's image

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.