Hi @Kuronuma
Thank you for posting this in Microsoft Q&A.
I understand you are trying to separate SMS and MFA authentication for specific users. You have created two groups, one for SMS and one for MFA, and included users in each group. However, when users in the group sign in, there is no authentication screen.
There are three main steps to enable and use SMS-based authentication in your organization:
- Enable the authentication method policy. To configure SMS-based authentication for first factor check the Use for sign-in checkbox.
- Select users or groups that can use the SMS-based authentication method.
- Assign a phone number for each user account.
According to the information you shared, I believe you have missed the third step. reference: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-sms-signin#enable-the-sms-based-authentication-methodCan you please check Microsoft Authenticator settings whether you have excluded SMS group or not?
You can enable Microsoft Entra multifactor authentication with Conditional Access policies.
For your reference: Conditional Access Policies
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If the answer is helpful, please click "Accept Answer" and kindly upvote it.