How to disable forced Authenticator App?

Damon Boyer 45 Reputation points
2023-09-14T20:01:49.13+00:00

HELP! We just got a notice: "We’ll enable security improvements in Microsoft Entra ID beginning September 15, 2023" - tomorrow. We do not want to use Forced Microsoft Authenticator. Many of our users do not even have Cell Phones, or don't use their personal cell phones for work. We do not provide the majority of users with a cell phone. We like having Microsoft Authenticator as one of many options, but not forced. I have had users in many circumstances, where they could not get SMS but had data connection; or vice versa. The ONLY thing that let them login was having various second factor methods.

This will be a deal breaker Microsoft. We are in Public Sector Legal, subject to Public Records - we are not going to convince a bunch of attorneys to use their personal phones for work related communications. We will have to leave Azure/365.

How can we configure it to not require Microsoft Authenticator?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,345 questions
Microsoft Entra
{count} votes

Accepted answer
  1. Andy David - MVP 150.2K Reputation points MVP
    2023-09-14T23:48:09.0066667+00:00

    Go to : Security/Authentication Methods / Settings in the portal. Set to disabled.

    Also exclude your users from any enabled registration campaign:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign#enable-the-registration-campaign-policy-using-the-microsoft-entra-admin-center

    User's image

    User's image

    2 people found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. SyBox 15 Reputation points
    2023-09-14T23:31:44.7033333+00:00

    Yes, this puts many of us in a pickle. There cannot possibly be an enforcement. Following for a possible solution.

    1 person found this answer helpful.
    0 comments No comments

  2. Michael Pritchard 10 Reputation points
    2023-09-14T23:45:19.1033333+00:00

    This is controllable via the registration campaign in the Microsoft Entra Admin Portal. Changing state from "Microsoft Managed" to "Disabled" should prevent Microsoft switching the default tomorrow.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.