About SMS and Mutlifactor Authentication

Question

My goal is to seperate SMS and MFA authentication for specific users

Example user A,B,C authenticate from SMS and User B,C,D authenticate from MFA

For this I have enabled the following features

I have created 2 groups 1 for SMS and 1 for MFA

under SMS groups I have three user including guest and same for MFA group

Then I have include SMS group for SMS authentication and Exclude MFA group and vice versa for MFA group

After this when user in the group sign in there should be SMS or MFA authentication but In my end no authentication screen occur while signing including guest I dont know why the method didot work am I missing something???

Answer 1

Hi @Kuronuma

Thank you for posting this in Microsoft Q&A.

I understand you are trying to separate SMS and MFA authentication for specific users. You have created two groups, one for SMS and one for MFA, and included users in each group. However, when users in the group sign in, there is no authentication screen.

There are three main steps to enable and use SMS-based authentication in your organization:

• Enable the authentication method policy. To configure SMS-based authentication for first factor check the Use for sign-in checkbox.
• Select users or groups that can use the SMS-based authentication method.
• Assign a phone number for each user account.

According to the information you shared, I believe you have missed the third step. reference: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-sms-signin#enable-the-sms-based-authentication-methodCan you please check Microsoft Authenticator settings whether you have excluded SMS group or not?

You can enable Microsoft Entra multifactor authentication with Conditional Access policies.

For your reference: Conditional Access Policies

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

If the answer is helpful, please click "Accept Answer" and kindly upvote it.