Upcoming changes to managing MFA methods for hybrid customers

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.

Howdy folks!

 

In November, I shared that we’re simplifying the MFA management experience to manage all authentication methods directly in Azure AD. This change has been successfully rolled out to cloud-only customers. To make this transition smooth for hybrid customers, starting February 1, 2021, we will be updating the authentication numbers of synced users to accurately reflect the phone numbers used for MFA.

 

Daniel Wood, a Program Manager on the Identity Security team will share the details of this change for hybrid customers. As always, please share your feedback in the comments below or reach out to the team with any questions.

 

Best regards,

Alex Simons (Twitter: Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division

 

 

---------------------------------------------------------

 

 

Hi everyone,

 

It’s never been more important to enforce MFA. As part of our efforts to make hybrid MFA deployments simpler and more secure, we’ll be updating empty authentication numbers with users’ public phone numbers if those numbers are being used for MFA. This change doesn’t affect the end user experience, but here’s what you’ll see as an admin after February 1:

 

Changes to user records

Starting February 1, 2021, for synced users who are using public profile numbers for MFA, Microsoft will copy the public number to users’ corresponding authentication number. Once the authentication number is populated, the MFA service will call that authentication number, instead of the public number. Microsoft will copy subsequent changes to the public number over to the authentication number until May 1, 2021 (except deletions of the public number).

 

Managing users’ authentication numbers

Going forward, you can manage your users’ authentication numbers directly in Azure AD using:

 

1. The user authentication methods UX

bh1.png

 

2. Microsoft Graph authentication methods APIs

bh2 (3).png

 

 

3. Microsoft.Graph.Identity.Signins PowerShell module

bh3 (2).png

 

 

4. End users can update their authentication numbers in the security info tab of MyAccount.

bh4.png

 

 

We hope these changes will significantly simplify how users and admins manage their authentication methods while enhancing security. Please let us know your thoughts by leaving a comment below.

 

Best,

Daniel Wood (Twitter: Daniel_E_Wood)

Program Manager,

Microsoft Identity Division

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.