About SMS and Mutlifactor Authentication

Kuronuma 230 Reputation points
2024-03-21T05:59:51.48+00:00

My goal is to seperate SMS and MFA authentication for specific users

Example user A,B,C authenticate from SMS and User B,C,D authenticate from MFA

For this I have enabled the following features
User's image

I have created 2 groups 1 for SMS and 1 for MFA

under SMS groups I have three user including guest and same for MFA group

Then I have include SMS group for SMS authentication and Exclude MFA group and vice versa for MFA group

After this when user in the group sign in there should be SMS or MFA authentication but In my end no authentication screen occur while signing including guest I dont know why the method didot work am I missing something???

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,872 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,659 questions
{count} votes

Accepted answer
  1. Navya 10,540 Reputation points Microsoft Vendor
    2024-03-21T09:24:46.8866667+00:00

    Hi @Kuronuma

    Thank you for posting this in Microsoft Q&A.

    I understand you are trying to separate SMS and MFA authentication for specific users. You have created two groups, one for SMS and one for MFA, and included users in each group. However, when users in the group sign in, there is no authentication screen.

    There are three main steps to enable and use SMS-based authentication in your organization:

    • Enable the authentication method policy. To configure SMS-based authentication for first factor check the Use for sign-in checkbox.
    • Select users or groups that can use the SMS-based authentication method.
    • Assign a phone number for each user account.

    According to the information you shared, I believe you have missed the third step. reference: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-sms-signin#enable-the-sms-based-authentication-methodCan you please check Microsoft Authenticator settings whether you have excluded SMS group or not?

    You can enable Microsoft Entra multifactor authentication with Conditional Access policies.

    For your reference: Conditional Access Policies

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.