As you know, Microsoft has embarked to a password-less journey by providing more secure authentication process with Windows Hello or FIDO2 security key.
Well, the journey is continuing with a new way to authenticate with text messages.
NOTE first, an important disclaimer as this is an early preview, there are some limitations:
- SMS-based authentication isn’t currently compatible with Azure Multi-Factor Authentication
- With the exception of Teams, SMS-based authentication isn’t currently compatible with native Office applications
- SMS-based authentication isn’t recommended for B2B accounts
- Federated users won’t authenticate in the home tenant. They only authenticate in the cloud
That said it should not stop you to start enabling and using it, knowing this text message authentication method has been developed with first line workers which most of the time just have a mobile device.
Enable text message authentication
To enable this new authentication method, logon to your Azure portal (https://portal.azure.com/) or Azure AD portal (https://aad.portal.azure.com/) and then reach the Azure Active Directory\Security\Authentication Methods\Authentication Method policy blade
There you will see all authentication methods available (FIDO2 security key, Microsoft Authenticator) and the new Text Message
When you hit the Text Message authentication method, you can turn it on and select if it will be available to all or a set of users
As you are making an authentication method which requires to receive a text message, you then need to ensure your user accounts have a mobile phone configured for the authentication method.
This can be done by the end-users themselves using the self-service password reset (SSPR) or MFA registration portal (https://aka.ms/MFASetup), or by an Azure AD administrator by editing the Authentication Methods for the user account (don’t worry Azure AD is validating the format).
NOTE don’t forget Microsoft has streamlined the registration process for both SSPR or MFA registration, making it easier for your end-users to register
If there is already a mobile phone registered, you will have to click the Enable option shown in the banner below the phone number (if have switched back my portal to the default colours to provide better reading); once completed you should then see the SMS sign-in ready on the top left
Use text message based authentication
Once everything is set, next time your end-user will have to logon to Office 365 services, instead of entering a username, they will have to enter their mobile phone number for the username
NOTE use the international format – +<country code><space><9 digits phone number> – example +61 412345679