Share via

Is it possible to restrict Azure MFA to single device?

Paul Blalock 20 Reputation points
2023-07-26T16:24:20.06+00:00

My company is looking to restrict MFA access to a single method. Either SMS or Authenticator App, but they want it to be restricted to a single device. They do not want a user to have Authenticator App on 2 phones and a tablet, that could then be lost or stolen and access granted via that device.

Is this possible using the Conditional Access or another method?

Thanks for any help you can provide.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Answer accepted by question author
  1. Konstantinos Passadis 19,686 Reputation points MVP
    2023-07-26T16:35:11.32+00:00

    Hello @Paul Blalock !

    Welcome to Microsoft QnA!

    It is not possible , just checked it on a user ....

    The SMS though can be added on another device

    Microsoft's MFA methods are designed with the understanding that users may lose access to a primary device and need alternative methods to authenticate

    Look at this thread also :

    https://learn.microsoft.com/en-us/answers/questions/527470/number-of-registered-phones-limit-for-azure-mfa

    There are other methods like MDM / Intune to protect your users and Organization from stolen devices and credentials

    Let us know if you want more clarifications

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.