Share via

Add extra authetication methods in Entra

Sharon01 101 Reputation points
2024-10-09T13:45:55.8033333+00:00

Hi ,

In Entra , if i filter for a user -->Authentication method , i can see the user is capable with 2 authntication methods . I use Powershell to filter , since Entra won't show which is availble .

ExtensionData IsDefault MethodType

System.Runtime.Serialization.ExtensionDataObject True OneWaySMS

System.Runtime.Serialization.ExtensionDataObject False TwoWayVoiceMobile

In the Tenant , MFA with Authenticator App is enabled for all users. But still some users dont have this . How can I add this authentication method for those users.

Either via intune or via Powershell command

I see that Microsoft Authenticator as a Non-usable authentication methods for the user .

Expand table

Authentication method****DetailExpand table

Microsoft AuthenticatorMicrosoft AuthenticatorMicrosoft AuthenticatorWhy this shows . In the Tenant it is enabled for all users

Thanks

Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Intune | Other
Answer accepted by question author
  1. Raja Pothuraju 43,660 Reputation points Microsoft External Staff Moderator
    2024-10-14T19:34:02.06+00:00

    Hello @Sharon01,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it seems that you're trying to add an additional authentication method in Entra, but for some users, the Microsoft Authenticator appears under "Non-usable authentication methods." You would like to move it to the "Usable authentication methods" section. Below is a screenshot from my test tenant for reference.User's image

    Cause: This occurs if users did not complete the setup or failed to verify the 2-digit number that appears after scanning the QR code in the Authenticator app during MFA setup.

    User's image

    After scanning the QR code in the Microsoft Authenticator app, when users click "Next" on the setup page, they will be prompted with a 2-digit number to verify the registration.

    User's image

    If the user does not verify the registration and, for some reason, returns to the previous page or skips the MFA setup with the Microsoft Authenticator app, it will appear under the "Non-usable authentication methods" tab in the user's profile.

    Solution: To move it to the "Usable" section, you can require the affected users to re-register for multi-factor authentication. For this, click on "Require re-register multifactor authentication" for all users whose methods are listed under "Non-usable authentication methods." On their next sign-in, they will be prompted to re-register for MFA, or they can visit aka.ms/mfasetup to complete the setup using the Microsoft Authenticator app.

    User's image

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.