question

knopper avatar image
0 Votes"
knopper asked knopper answered

E-Mail option not available for MFA/SSPR

I have the E-Mail authentication method enabled in Authentication Methods in Azure AD Password Reset and it is available when users try to register for SSPR/MFA using the combined registration experience. However, when I force users to register using the Azure AD Identity Protection MFA Registration Policy, the E-Mail option is not available, only the other enabled methods - mobile app and SMS. I thought the experience should be the same, no matter if users register by policy enforcement or voluntarily. Is this by design?

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

michev avatar image
1 Vote"
michev answered

The experience is the same, as in the same UI/flow is used, but that doesn't mean the methods are the same. You cannot do MFA via email or via secret questions.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AbdelrahmanOmarAmineAli-4493 avatar image
1 Vote"
AbdelrahmanOmarAmineAli-4493 answered

Yes, this is by design

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

knopper avatar image
0 Votes"
knopper answered

Good to know, thanks! Now when I think about it, it does make sense - the 2nd factor must be something that the user has, not another password/code coming from an e-mail.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.