Azure AD – You can now authenticate with text message (preview)

As you know, Microsoft has embarked to a password-less journey by providing more secure authentication process with Windows Hello or FIDO2 security key.

Well, the journey is continuing with a new way to authenticate with text messages.

NOTE first, an important disclaimer as this is an early preview, there are some limitations:

  • SMS-based authentication isn’t currently compatible with Azure Multi-Factor Authentication
  • With the exception of Teams, SMS-based authentication isn’t currently compatible with native Office applications
  • SMS-based authentication isn’t recommended for B2B accounts
  • Federated users won’t authenticate in the home tenant. They only authenticate in the cloud

That said it should not stop you to start enabling and using it, knowing this text message authentication method has been developed with first line workers which most of the time just have a mobile device.

Enable text  message authentication

To enable this new authentication method, logon to your Azure portal (https://portal.azure.com/) or Azure AD portal (https://aad.portal.azure.com/) and then reach the Azure Active Directory\Security\Authentication Methods\Authentication Method policy blade

image_thumb  image_thumb[1]

There you will see all authentication methods available (FIDO2 security key, Microsoft Authenticator) and the new Text Message

When you hit the Text Message authentication method, you can turn it on and select if it will be available to all or a set of users

image_thumb[2]

As you are making an authentication method which requires to receive a text message, you then need to ensure your user accounts have a mobile phone configured for the authentication method.

This can be done by the end-users themselves using the self-service password reset (SSPR) or MFA registration portal (https://aka.ms/MFASetup), or by an Azure AD administrator by editing the Authentication Methods for the user account (don’t worry Azure AD is validating the format).

NOTE don’t forget Microsoft has streamlined the registration process for both SSPR or MFA registration, making it easier for your end-users to register

image_thumb[6]

If there is already a mobile phone registered, you will have to click the Enable option shown in the banner below the phone number (if have switched back my portal to the default colours to provide better reading); once completed you should then see the SMS sign-in ready on the top left

image_thumb[5]  image_thumb[7]

Use text message based authentication

Once everything is set, next time your end-user will have to logon to Office 365 services, instead of entering a username, they will have to enter their mobile phone number for the username

NOTE use the international format – +<country code><space><9 digits phone number> – example +61 412345679

image_thumb[4]  image_thumb[8]

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies