How to target Registration campaign only to users having Default multifactor authentication method as Mobile?

Global Admin- TechSpace 40 Reputation points
2023-09-21T09:40:54.1866667+00:00

We have an Azure AD tenant where a lot of users are registered for different MFA methods such as push notification, software OATH code, and Mobile (Voice/SMS). We have user statistics showing that most users are still using the Mobile (Voice/SMS) method in the Azure AD tenant, which can be compromised by middleman attacks. We want to force them to Authenticator App push notification, which is the best practice for MFA. We are using the Registration campaign feature as a solution for this, which prompts users to move to Authenticator App push notification.

Enabling this feature is an easy task, but we wanted to target users who are using Mobile (Voice/SMS) as their Default multifactor authentication method.

How to target the Registration campaign only to users having Mobile as their Default multifactor authentication method? We cannot create a dynamic group to sort mobile users, as there is no attribute to set up that rule.

We want those mobile users to be targeted to a group, and to assign that group to the Registration campaign in Azure AD.

I need your assistance in providing a solution to the above issue. Thanks in advance.


1 answer

  1. Tushar Kumar 3,326 Reputation points MVP
    2023-09-21T09:58:55.7+00:00

    Hi Global Admin- TechSpace,

    Thank you for asking your question in QnA!

    I can do some tests around targeting Default method users; I don't have an answer for now.

    I can understand your main concern here is mainly making sure users use the strong authentication method, which can be achieved with the use of the following options:

    1. Enable Registration Campaign for MFA with Authenticator App. (This will apply to all users unless you decide to include and exclude; people already using it will not be affected.) This will make sure everyone has Authenticator.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign

    2. Enable System Preferred MFA: This will help in prompting users to sign in by using the most secure method they registered.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-system-preferred-multifactor-authentication

    With the combination of both, it will address your concern of people using weak authentication methods.

    Please click "Accept as answer" if this helps.
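
An added example, not part of the original question or answer: because no dynamic-group attribute exposes the default method, one option is to keep a static group in sync with the Microsoft Graph `userRegistrationDetails` report and assign that group to the Registration campaign. The sample records, the function names and the choice of `sms`/`voiceMobile` as the "Mobile" defaults are assumptions made for illustration; the code only plans the Graph requests and sends nothing.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"
MOBILE_DEFAULTS = {"sms", "voiceMobile"}  # defaults treated as "Mobile (Voice/SMS)"
MAX_BIND = 20  # Graph accepts at most 20 members@odata.bind entries per PATCH
_ID = "00000000-0000-0000-0000-00000000000{}"

# Constructed sample, shaped like the response of
# GET /reports/authenticationMethods/userRegistrationDetails
SAMPLE_REPORT = {"value": [
    {"id": _ID.format(1), "userPreferredMethodForSecondaryAuthentication": "sms"},
    {"id": _ID.format(2), "userPreferredMethodForSecondaryAuthentication": "push"},
    {"id": _ID.format(3), "userPreferredMethodForSecondaryAuthentication": "voiceMobile"},
    {"id": _ID.format(4), "userPreferredMethodForSecondaryAuthentication": "oath"},
    {"id": _ID.format(5), "userPreferredMethodForSecondaryAuthentication": "sms"},
]}
# Constructed: user 2 joined the group earlier and has since moved to push.
CURRENT_MEMBERS = [_ID.format(3), _ID.format(2)]

def mobile_default_ids(report):
    """IDs of users whose default second factor is SMS or a voice call."""
    return {u["id"] for u in report.get("value", [])
            if u.get("userPreferredMethodForSecondaryAuthentication") in MOBILE_DEFAULTS}

def plan_sync(report, current_member_ids):
    """Return (ids to add, ids to remove) for the campaign group."""
    wanted = mobile_default_ids(report)
    current = set(current_member_ids)
    return sorted(wanted - current), sorted(current - wanted)

def add_member_bodies(user_ids):
    """Bodies for PATCH /groups/{group-id}, at most MAX_BIND members each."""
    ids = list(user_ids)
    return [{"members@odata.bind":
             [f"{GRAPH}/directoryObjects/{i}" for i in ids[n:n + MAX_BIND]]}
            for n in range(0, len(ids), MAX_BIND)]

def remove_member_urls(group_id, user_ids):
    """DELETE targets for members who no longer default to SMS or voice."""
    return [f"{GRAPH}/groups/{group_id}/members/{i}/$ref" for i in user_ids]

if __name__ == "__main__":
    to_add, to_remove = plan_sync(SAMPLE_REPORT, CURRENT_MEMBERS)
    print(json.dumps(add_member_bodies(to_add), indent=2))
    print(remove_member_urls("<campaign-group-id>", to_remove))
```

Re-running the plan on a schedule keeps the group limited to users who still default to SMS or voice, so users who have switched drop out of the campaign's target.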

