Apply only one method of allowing MFA to a test group

Rama 0 Reputation points


How do I apply this below said option to a "test group" and not the entire org.

We want to disable MFA options for "Text message to phone" and "Call to phone", as it can lead to social engineering and possible phone spoofing.

We only want to keep the options in "Blue"

User's image

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,587 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,541 Reputation points Microsoft Employee


    Thank you for your post!

    I understand that you want to disable some of the per-user MFA phone options and are looking to only apply these options to a Test group and not your entire organization. Unfortunately, when it comes to per-user MFA users are enabled individually, and if you want to apply your MFA options to a single Azure AD group, you'll have to leverage Conditional Access Policies.

    Please note that enabling Azure AD MFA using Conditional Access policies is the recommended approach to protect users. Additionally, in March 2023, we announced the deprecation of managing authentication methods in the legacy multifactor authentication (MFA) and self-service password reset (SSPR) policies. For more info.

    User's image

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.