FAQs
Re: O365 - MFA - SMS deletion - question about alternatives
Is Microsoft discontinuing SMS MFA? ›
Currently, Microsoft plans to discontinue SMS and phone-based MFA in October 2024, at which point all Microsoft 365 members will be required to switch their MFA methods. At that time, a person could be forced from using SMS 2FA. People are being prompted to switch MFA methods now.
Why is SMS not recommended for MFA? ›
SMS-based MFA vulnerabilities can lead to significant breaches, financial loss, and damage to reputation. Enterprises must adopt stronger MFA solutions to protect their digital infrastructure. Users can: Use a unique and unpublished phone number for SMS-based MFA.
What are the alternatives to Office 365 MFA? ›
Google Authenticator, 1Password, LastPass Authenticator, Authy, and most TOTP apps will scan the code. After it's set up, click next on the Microsoft site.
How do I delete SMS from Azure AD MFA? ›
Browse to https://portal.azure.com/ and login with Global admin credentials.
- Now browse to Microsoft Entra ID.
- Click on "Security" option on the left side.
- Now click on "authentication methods".
- once you click on policies you will be able to see all the MFA policies which are enabled.
Rich Communication Services (RCS) is a protocol aimed at replacing SMS messages with a richer text-message system that can transmit in-call multimedia, provide phonebook polling, and transmit other types of content.
Is SMS becoming obsolete? ›
The answer is, no. From a person-to-person text message perspective, the popularity of this technology as a communications medium cannot be denied. The same thing can be said for businesses.
Is Microsoft 365 forcing MFA? ›
Microsoft has announced it will be enforcing Multi-Factor Authentication (MFA) for all Microsoft 365 tenants beginning March 11, 2024.
Which option should be avoided in MFA? ›
Factors that rely on your phone number, such as SMS and phone calls should be avoided if possible as they are the least secure and provide the worst user experience.
Is Azure MFA discontinued? ›
Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication requests, which could cause authentications to fail for your organization.
Separate Charges
A flat fee of $0.03 is billed for each SMS/Phone-based multi-factor authentication attempt.
How do I remove MFA token from Office 365? ›
Disable multi-factor authentication for a user
- Log in to your Office 365 Control Panel.
- From the left menu, select Office 365 Admin Center.
- From the top menu, select Multi-factor authentication.
- Select the check box next to the user you need to disable multi-factor authentication for.
- Under quick steps, select Disable.
If you can still access your account, you can follow the steps below to remove text message authentication from the Security info page:
- Sign in to your Microsoft account at account.microsoft.com.
- Go to the Security info page.
- Under the "Two-step verification" section, select "Turn off two-step verification."
Microsoft is not disabling the voice/SMS methods currently, they are simply recommending that you switch to another method, where possible.
What replaced Microsoft SMS? ›
In 2007, System Management Service (SMS) became System Center Configuration Manager (SCCM).
Is Microsoft forcing MFA for Office 365? ›
Microsoft has announced it will be enforcing Multi-Factor Authentication (MFA) for all Microsoft 365 tenants beginning March 11, 2024. Microsoft will begin its rollout of security defaults on all tenants that don't already have security defaults or Conditional Access policies enabled.
Is SMS better than Microsoft authenticator app? ›
You should use an authenticator app over SMS authentication because it is more secure and less likely to be intercepted by cybercriminals. Authenticator apps generate 2FA codes locally on a device, rather than sending them unencrypted over text message.
