Microsoft 365 — Simplifying Multi-Factor Authentication
By default, the Multi-Factor Authentication (MFA) scheme in Microsoft 365 offers various options. One of those options is to receive codes via SMS to a mobile phone, but this method is insecure. In the default configuration, there is no way to avoid providing a mobile number as a secondary authentication method (although it can be removed later).
In many scenarious, using only an Authenticator app provides the simplest and most secure user experience.
To simplify the options available for MFA:
- Log in to the Azure Active Directory Admin Center.
- Click on Users.
- Click on Per-User MFA.
- Click on Service Settings.
- Under Verification Options, untick methods not required. For example:
- Set other options as required.
- Click Save.