Share via

I have SMS as an MFA option. Why can't I use it when logging in?

medwds 1 Reputation point
2024-11-11T22:18:06.2+00:00

I helped a customer sign up for Microsoft 365 email via GoDaddy. When they first signed in, they were encouraged to set up MFA, which I expected. However, there was no option to skip registering an authenticator app. I'd wanted to avoid an authenticator app with this particular customer, at least for now, but we went ahead because there was no other way. We registered a phone number for SMS as a backup.

But when the customer logs in, they're not given an option to use SMS. I know we don't need it right now, but what about as a backup? I'm sure there's usually a link that says "I can't use my authenticator app right now", but it just isn't there.

So I thought I'd be better off changing the default MFA method to SMS, but I can't. At the top of the page where you manage MFA, the option to change the default MFA method is simply missing.

Finally, I thought I'd delete the authenticator from the list of MFA methods. I added email as a second backup. But we can't delete the authenticator — a red box appears saying there was an error. I can't remember the wording, but it was vague.

Can anyone explain any of this?

I'm really hoping this isn't a sign that SMS MFA is going away, as we keep hearing. After working for 15 years with less technical users and smaller organisations, I can't stress enough the importance of traditional MFA options like SMS and voice call. I understand the risks, and companies can mandate TOTP or hardware tokens if they want; but it should be a choice, not something that's forced on everyone.

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,210 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,328 questions
Accepted answer
  1. Harshitha Eligeti 730 Reputation points Microsoft Vendor
    2024-11-12T20:50:27.6066667+00:00

    Hi @ medwds   
    Thank you for sharing your issue on Microsoft Q&A. 

    I Understand that you're experiencing challenges with Microsoft 365's multi-factor authentication setup, particularly regarding the use of SMS as a backup method alongside the Microsoft Authenticator app.     
    Please check if your tenant has the Authenticator app registered. If so, disable it and enable SMS-based authentication instead.    
    authentication-methods-policy

    enable-sms-authentication-method

    If users are enabled for SMS-based authentication, their phone number must be associated with their user profile in Microsoft Entra ID before they can sign in. Please verify if the users' phone numbers are correctly set in their accounts. If you are the global admin, you can set the phone numbers. At the sign-in prompt, enter the phone number associated with the user's account. Now the user can sign in without the need to provide a username or password.

    Hope this helps. Do let us know if you have any further queries. 

    Best Regards. 
    Harshitha Eligeti. 

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.