Share via

Can we disable registration campaign?

Eaven HUANG 2,156 Reputation points
2023-09-15T01:20:57.9633333+00:00

Today we received the notification from Microsoft saying about registration campaign. Currently we have set up MFA via conditional access policy and most of the users are using phone SMS code for the second-layer verification, this is working fine as the Microsoft Authenticator doesn't work on many of our Chinese Android phones, no push notification, when they scanned the QR code, it can't be registered successfully.

The concerning point now is that,

Can we just disable registration campaign via Entra admin center? so users keep using SMS code as before.

If users are forced to download and scan the QR code for authenticator, can this be an optional verification method while they still use SMS code as the default one?

The articles via Microsoft pages seems very hard for understanding, to my knowledge:(

Below is the email message from Microsoft:

After the registration campaign feature is enabled, everyone in your organization who currently uses SMS or voice authentication will need to set up Microsoft Authenticator. To avoid any confusion, let your users know what to expect by September 15, 2023:

·     When they sign in to their work or school account, they’ll see a prompt to set up the Authenticator app—they can choose to install it or skip the prompt. They can skip up to three times before they’re required to install it.

To install it, they’ll need to select Next on the prompt, which will take them through the Authenticator app setup.

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,630 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sandeep G-MSFT 16,696 Reputation points Microsoft Employee
    2023-09-15T06:05:16.7133333+00:00

    @Eaven HUANG

    Thank you for reaching out to us on Microsoft Q&A.

    Yes, you can disable the registration campaign for users to register for Authenticator app.

    Registration campaign to set up Microsoft Authenticator app is pushed by Microsoft recently.

    As we always believe Microsoft authenticator app method is the stronger than SMS and Phone methods.

    Below is the article that we have categorized and listed depending on the authentication methods for MFA.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods#authentication-method-strength-and-security

    However, in your situation Microsoft Authenticator App doesn't work on many of your Chinese Android phones, you can disable this registration campaign in Microsoft Entra portal.

    Follow steps to disable this campaign,

    • Login to https://entra.microsoft.com/ using global administrator credentials.
    • Click on Protection blade on the left pane and then select "Authentication methods".
    • Click on registration campaign and Edit button on the top. User's image
    • Now under state you can click on the drop down option and you will see options to disable registration campaign. User's image
    • By default "Microsoft managed" is selected.
    • You can also add group of users whom you do not want to get authenticator app installed.

    For more information you can refer below article,

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign#enable-the-registration-campaign-policy-using-the-microsoft-entra-admin-center

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.