How can I change (and lock?) the default Authentication Method for users to Authenticator app?

Nick Marchese 20 Reputation points
2024-06-13T18:59:24.72+00:00

Hey all

We currently have the Authenticator App and the SMS messages methods available for Authentication Methods. I'm hoping that I could make the default method the Authenticator App and ideally lock it to be the Authenticator app but perhaps leave the SMS as a backup. Any insights?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,135 questions
{count} votes

Accepted answer
  1. akinbade abiola 9,010 Reputation points
    2024-06-13T19:10:40.6766667+00:00

    Hello Nick Marchese,

    Thanks for your question.

    You can implement stricter policies to make the Authenticator app the preferred choice.

    You can configure Conditional Access policies to require MFA for specific actions or login attempts. Within these policies, you can prioritize the Microsoft Authenticator app as the primary MFA method.

    See: https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-all-users-mfa#create-a-conditional-access-policy

    You can nudge users to set up Microsoft Authenticator during sign-in. Users go through their regular sign-in, perform multifactor authentication as usual, and then get prompted to set up Microsoft Authenticator. See:

    https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-mfa-registration-campaign

    Please remember to exclude a break glass account for either implementationUser's image

    Regards,

    You can mark it 'Accept Answer' if this helped.


0 additional answers

Sort by: Most helpful