Hello, if i enable security defaults, i see that users have up to 14 days to setup their MFA method. What are MFA options that do not require a phone?

Hello Chris, Thank you for reaching out to Microsoft QnA Platform. I would like to confirm that Microsoft Entra ID Security Defaults requires to register for and use multifactor authentication using the Microsoft Authenticator app using notifications . Users might use verification codes from the Microsoft Authenticator app or any third party application using OATH TOTP to generate codes but can only register using the Microsoft Authenticator app notification option. For more details you can review following documentation link and screenshot which answers all doubts about Security Default: https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults I hope this answer helps to resolve your issue. Please " Accept the answer " if the information helped you. This will help us and others in the community as well.

I see. Thank you so much for your responses

With Security defaults enabled, is there a MFA method that doesn't require a phone?

Accepted answer

Harpreet Singh Matharoo 8,321 Reputation points Microsoft Employee

2024-01-18T03:42:57.8+00:00

Hello Chris, Thank you for reaching out to Microsoft QnA Platform. I would like to confirm that Microsoft Entra ID Security Defaults requires to register for and use multifactor authentication using the Microsoft Authenticator app using notifications.

Users might use verification codes from the Microsoft Authenticator app or any third party application using OATH TOTP to generate codes but can only register using the Microsoft Authenticator app notification option.

For more details you can review following documentation link and screenshot which answers all doubts about Security Default: https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults

I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

1 person found this answer helpful.
Chris 21 Reputation points

2024-01-19T18:30:02.55+00:00

Hello, So the user must use a phone for all MFA using Security Defaults? Also, We have the basic Azure so we don't have Azure AD Premium licensing. Is there a way to keep the security defaults and omit two employees and setup another method that does not require a phone? (these employees are not permitted to take a phone in office)

Harpreet Singh Matharoo 8,321 Reputation points Microsoft Employee

2024-01-22T10:56:41.2233333+00:00

Security Defaults is a tenant wide feature and specific users cannot be excluded if Security defaults is turned on. Alternatively, you can use Per-User MFA if you only want to target specific users to be prompted for MFA. For more details review: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userstates Also, when Security Default is enabled normal users would only be prompted to MFA when necessary and Microsoft decides when a user should be prompted for MFA.

For more details about security defaults, you can review following documentation and screenshot:
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-licensing#feature-comparison-based-on-licenses
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

With Security defaults enabled, is there a MFA method that doesn't require a phone?

1 additional answer

Your answer