9,345 questions
Question Regarding Hardware OATH Tokens and User Authentication Method Visibility
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 8%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
Christopher Green
21
Reputation points
Hi,
I have a question about Hardware OATH tokens, user authentication methods, and “My Security Info” within myaccount.microsoft.com.
We’ve recently issued users Hardware OATH tokens, uploaded a CSV containing serial numbers, model, manufacturer, secret keys, etc. to the Multifactor authentication | OATH tokens (Preview) section in Azure, and successfully activated them.
We’ve noticed that these Hardware OATH tokens appear under the user’s security information in myaccount.microsoft.com, and the user is able to delete them. Is this standard and expected behavior? Is there a way to prevent users from being able to remove their Hardware OATH tokens?
Additionally, we’ve noticed that these tokens do not appear under the User Authentication Methods section within Azure, whereas other methods (such as TAP, email, phone, SMS, Authenticator app, Windows Hello for Business, etc.) do. Is this expected, and is there a specific reason why Hardware OATH tokens do not appear under this view?
Happy to provide screenshots if that would be helpful.
Thanks,
Chris
Microsoft Security | Microsoft Authenticator
Sign in to answer