다음을 통해 공유

Azure MFA - Office Phone - country code grayed out

  • 아티클

Troubleshooting

I wanted to configure my office phone number for Azure MFA. This looks like very easy and just a matter of few clicks. However, it turn out to be not as easy as expected, but, it brought lot of learnings, which I want to share with you.

I login to Office 365 portal --> My Accounts --> Security & Privacy --> Click on Update your phone numbers used for account security.

Here I can not provide my phone number because it is grey out. But it suggest to contact my Admin. So, I reach out to my AD Administrator and get the phone number updated in Local AD.

I visited the page again and see my phone number, however, countryCode is not populated. But it is mandatory to provide countryCode. It does not seems possible from the Portal.

So, I reach out to my AD Administrator and request him to update my country information. He updated the country

*                                  *

​So why countryCode is not populated? Is Synchronization not working? To find the answer to these questions, I reach out to my Azure ADConnect Server and find something interesting.

                   

Surprisingly, it is syncing the value of country and countryLetterCode attribute correctly but what it is passing in the countryCode attribute? What is this value 356?

I did further research and found that countryCode attribute is not related to ISD countryCode. It is actually ISO 3166 Standard code. We can find more information about countryCode attribute here - MSDN countryCode

We can find ISO 3166 Standard countryCode value for our country here - ISO3166 Standard countryCode

Back to question, how to populate countryCode value?

Solution was very simple, all we need to do, is add countryCode value, before the phone number in premise Active Directory.

         

*And now the countryCode is populated in the Office Phone Number successfully and I am able to use it for MFA.  *

         

Please note, This problem occurs only for Hybrid ADConnect users.  THE DROP DOWN BOX IS DISABLED BY DESIGN in this environment. 

The Telephone field in our on prem AD must be formated correctly for AD for AZURE to be able to strip the country code out to populate the field. The key is a " + " a space and Country Code ( 1 in my instance ) phone number no spaces or dashes ( XXXXXXXXXX ) total filed looks like  +1 XXXXXXXXXX.

Find that in Microsoft documentation.