Share via

Is there a way to increase the number of SMS attempts?

Christopher J Nuss 41 Reputation points
2024-08-06T17:35:22.0833333+00:00

We have multiple users that still own flip phones and are unable to use the Authenticator App. Do to this we are wanting to set them up to use SMS however after the 1st sign in attempt it gives the message that they only have 2 attempts left. Is it possible to increase the number of attempts to a number on a daily basis or just turn off count completely.

I will ask as I've heard rumor that SMS and voice is looking to be removed. Is this true at this time?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,893 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,812 questions
0 comments
Accepted answer
  1. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2024-08-06T23:21:13.5133333+00:00

    Hi @Christopher J Nuss

    Thanks for reaching out to Microsoft Q&A

    There's no limit attempts for SMS sign ins, what I suspect is happening is that Registration Campaign feature is enabled and requesting your users to register Microsoft Authenticator application for MFA as per the screenshot below:

    User's image

    If you are not ready to use Registration Campaign, you can disable it following these steps:

    1 - Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.

    2 - Browse to Protection > Authentication methods > Registration campaign and click Edit.

    3 - Select Disabled to disable the registration campaign for all users.

    https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-mfa-registration-campaign

    Regarding your SMS query, although it's encouraged and recommended to use MS Authenticator app due to security concerns, Microsoft does not have plans to remove SMS option as an Authentication Method as of Today.

    Thanks,

    Fabio

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 36,846 Reputation points Microsoft Employee
    2024-08-07T00:24:40.6266667+00:00

    Hi @Christopher J Nuss ,

    Just to add to Fabio's answer, it's also possible that you are hitting the regular Azure Smart Lockout threshold. The default is 10 for Azure Public tenants and 3 for Azure US Government tenants.

    That said, when using pass-through authentication, the Entra ID/Azure AD lockout threshold is less than the AD DS account lockout threshold, so you would need to ensure that the AD DS on-prem lockout threshold is at least two or three times greater than the one in Entra/Azure.

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-smart-lockout#how-smart-lockout-works

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.