M365 2FA Text Message Only?

Can M365 2FA be set up to only require a simple text message sent code? It seems to want to force people to use an authorization app which for some people isn't working properly.
 
It can, but I generally have it disabled because SMS-based 2FA isn't 2FA at all in many cases, doubly true for business owners.
 
Can you describe what isn't working properly with the MS Auth app?
Mostly PEBKAC, but I'm not on site as a lot of the people work from home and sometimes anything more than left click is a chore. I was hoping to be able to set up 2FA as an admin and add their cell phone to their accounts so it just texts them when they go to sign in the first time.
 
You have to do DUO if you want to do that, there is no way to do enrollment for them within Microsoft's tools.
 
So the issue is first-time setup of their phone? Because once the MS Auth app is on, it is very simple to just click "approve"...a couple of times as the end user logs into office.com, installs/launches the Office apps, logs into them for the first time, OneDrive, Teams, etc. Once a device is allowed to be managed by the organization...the end user is generally not prompted to MFA approve again for a long time...only for web logins.

You can enter users' cell phones and alternate email addys under their accounts for them in the Azure AD side of things.
The defaults of self-service password reset will have them just review that and it can become their methods to approve sign-in, like get SMS text.

For new clients I'm onboarding, I include setting up MFA and registering client devices as part of my job. I also created a KB in our Hudu which I share to clients on setting up MFA on their phones...the whole process start to finish, which clients (at least the main person/people at each client) have access to for a hand-holding guide.
 
We had a case just yesterday with a new employee and his iPhone. Got the MS Authenticator app installed, and it worked ONCE, but by the time he figured out how to pull up the app because he missed the original approval window, the time had expired. After that, the logon would just hang somehow with the spinning disk until it finally gave the "something went wrong" message. Nothing we tried would get it to go, unfortunately. This was all remote, and we were remoted into the phone - always a pain with iPhones, and the computer in separate windows. In the end we ran out of time and have scheduled another session for today - we'll see how it goes.
 
Yeah, everything is 10x more difficult or barely compatible on Apple devices. Possibly the MS Auth app also got bound up waiting for the "unlock phone"...which is on by default.

Or...if the current phone had a history of apps "migrated" from the old phone, I've found on Apples...often you need to uninstall the app and download again and reinstall (I just had to do that this morning on a client's new iPhone 13).
 
@HCHTech @YeOldeStonecat iPhones have a dedicated permission for push notifications that has to be set per app, and they LOVE to turn it off. To make matters worse, Microsoft will autoban an authenticator that causes too many failures VERY AGGRESSIVELY until it's been used a few times.

Between the two processes, a bucket of iPhones land in reenrollment hell... drives me nuts, but it is what it is.
 
I know of no app that will let you fully control an iPhone.
TECHNICALLY ConnectWise Control will... But good freaking luck walking an end user through the setup, and still unreliable and inconsistent. I usually do view-only and then tell them where to touch. Granted, even view-only is getting painful.
 