Upcoming changes to managing MFA methods for hybrid customers

This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.

Howdy folks!

 

In November, I shared that we’re simplifying the MFA management experience to manage all authentication methods directly in Azure AD. This change has been successfully rolled out to cloud-only customers. To make this transition smooth for hybrid customers, starting February 1, 2021, we will be updating the authentication numbers of synced users to accurately reflect the phone numbers used for MFA.

 

Daniel Wood, a Program Manager on the Identity Security team will share the details of this change for hybrid customers. As always, please share your feedback in the comments below or reach out to the team with any questions.

 

Best regards,

Alex Simons (Twitter: Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division

 

 

---------------------------------------------------------

 

 

Hi everyone,

 

It’s never been more important to enforce MFA. As part of our efforts to make hybrid MFA deployments simpler and more secure, we’ll be updating empty authentication numbers with users’ public phone numbers if those numbers are being used for MFA. This change doesn’t affect the end user experience, but here’s what you’ll see as an admin after February 1:

 

Changes to user records

Starting February 1, 2021, for synced users who are using public profile numbers for MFA, Microsoft will copy the public number to users’ corresponding authentication number. Once the authentication number is populated, the MFA service will call that authentication number, instead of the public number. Microsoft will copy subsequent changes to the public number over to the authentication number until May 1, 2021 (except deletions of the public number).

 

Managing users’ authentication numbers

Going forward, you can manage your users’ authentication numbers directly in Azure AD using:

 

1. The user authentication methods UX

 

2. Microsoft Graph authentication methods APIs

 

 

3. Microsoft.Graph.Identity.Signins PowerShell module

 

 

4. End users can update their authentication numbers in the security info tab of MyAccount.

 

 

We hope these changes will significantly simplify how users and admins manage their authentication methods while enhancing security. Please let us know your thoughts by leaving a comment below.

 

Best,

Daniel Wood (Twitter: Daniel_E_Wood)

Program Manager,

Microsoft Identity Division

 

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.