Share via

MFA Server: delayed SMS

  • Article

Question

Wednesday, June 8, 2016 9:13 AM

We have set up the MFA server on-site and are using the SMS functionality for authentication. But lately we've noticed that often there is a (long) delay in receiving the SMS. Mostly longer than the authentication timeout so after people receive the text, the code is already invalid.

Anyone else having this issue?

All replies (3)

Thursday, June 9, 2016 6:04 AM

Hi,

Thank you for your post!

The Azure Multi-Factor Authentication service sends text messages through SMS aggregators. Many factors may impact the reliability of text message delivery and receipt including the aggregator used, destination country, mobile phone carrier and signal strength. Therefore, delivery of text messages and receipt of SMS replies when performing two-way SMS is not guaranteed. Using one-way SMS is recommended over two-way SMS when possible because it is more reliable and prevents users from incurring global SMS charges caused by replying to a text message that was sent from another country.

Text message verifications are also more reliable in some countries such as the United States and Canada. Users that experience difficulty receiving text messages reliably when using Azure Multi-Factor Authentication are encouraged to select the mobile app or phone call methods instead. The mobile app is great because mobile app notifications can be received over both cellular and Wi-Fi connections, and the mobile app passcode is displayed even when the device has no signal at all. The Azure Authenticator app is available for Windows Phone, Android, and IOS.

Best Regards

Sadiqh Ahmed
________________________________________________________________________________________________________________

If this post was helpful to you, please upvote it and/or mark it as an answer so others can more easily find it in the future.

Thursday, June 9, 2016 10:35 AM

Thanks for your reply.

We indeed only use one-way SMS for it's convenience. Also Azure MFA Server is used company-wide in four different European countries and we have noticed this issue in all of them. So I guess there is some room for reliability improvement.

We first started off using the cloud version of Azure MFA to secure our Office 365 applications. Most employees opted here to use the Azure Authenticator app. We then decided to use SMS MFA on our on-site environment since otherwise users had to enroll the Authenticator app twice which is really confusing for end-users. 

Friday, June 10, 2016 8:20 AM

We are seeing similar delays, particularly in New Zealand. We rolled out with SMS as it required minimal intervention on the part of our support team and for the users. Unfortunately we are finding we have to pull the MFA reports daily, highlight users with a large number of "Text Message Sent" and "Text Message OTP Incorrect" and contact them individually, switching them to the app with OATH code.

Whilst Azure uses third party aggregators and carriers, it would be nice if they could perhaps follow up on performance of these services.