Azure : Disable Phone MFA/SSPR/Registration

How To : Stop Azure asking for allowing phone number as an authentication backup method or any method?

Simple follow these steps:

When it comes to users being prompted to add a phone number, can you see if disabling the "Call to phone" and "Text message to phone" verification options here:


If the Per-User MFA settings don't remove the option, check for your Azure Tenant is registered for Combined Registration? you may need to set this to "None"


Finally check policy for SSPR, since the phone number could be a required for SSPR purposes and not MFA.


When it comes to having multiple methods of authentication this should also prevent users from being accidentally locked out of your Azure Active Directory tenant.

Optional : Ignore legacy settings

NOTE : Check this article before clicking buttons as it has global changes: https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-authentication-methods-manage


Finally, if you navigate to the Authentication Method policy section, the choose the "Manage Migration" option.....


Then you need to set "Migration Complete" to ignore those legacy policies, the default at the moment is "Pre-Migration" which uses new policies and respects the old policies....


This will tell Azure to "ignore" the legacy "per-user-MFA" settings and only read the "modern" settings, however this will be a decision you company need to configure and decide on!!!



Previous Post Next Post

Ω†Ω…ΩˆΨ°Ψ¬ Ψ§Ω„Ψ§ΨͺΨ΅Ψ§Ω„