This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 10%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
HELP! We just got a notice: "We’ll enable security improvements in Microsoft Entra ID beginning September 15, 2023" - tomorrow. We do not want to use Forced Microsoft Authenticator. Many of our users do not even have Cell Phones, or don't use their personal cell phones for work. We do not provide the majority of users with a cell phone. We like having Microsoft Authenticator as one of many options, but not forced. I have had users in many circumstances, where they could not get SMS but had data connection; or vice versa. The ONLY thing that let them login was having various second factor methods.
This will be a deal breaker Microsoft. We are in Public Sector Legal, subject to Public Records - we are not going to convince a bunch of attorneys to use their personal phones for work related communications. We will have to leave Azure/365.
How can we configure it to not require Microsoft Authenticator?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 89%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
We are in the same pickle here. There has to be a solution here. We simply cannot make it mandatory for employees with personal devices.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 62%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Same here! To expect employees to carry personal phones and have Authenticator installed on them is ridiculous. Our employees are not allowed to even carry personal phones at work!
I did not even think of that - we can't carry ours in certain areas, and certain branches can't have them..
Go to : Security/Authentication Methods / Settings in the portal. Set to disabled.
Also exclude your users from any enabled registration campaign:
Thank you sir!
Will this option disable anything that has to do with our current enrollment for our users? Do they need to re-enroll in MFA? I just want to make sure that if we select this option, whatever we have for MFA from MS will not cause the user to interact. Basically, can i Disable this and have no recourse with a current environment?
TYIA
Does this change anything with current setups? Will my users have to re-register, or does this setting simply bypasses the MS setting? I just want to make sure if i disable this, my users that have MFA will not have to do anything else. TYIA.
Yes, this puts many of us in a pickle. There cannot possibly be an enforcement. Following for a possible solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 82%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
This is controllable via the registration campaign in the Microsoft Entra Admin Portal. Changing state from "Microsoft Managed" to "Disabled" should prevent Microsoft switching the default tomorrow.
Won't that only stop the registration campaign - will they not enforce authenticator if you don't have people registered?