Hey everyone! I'm pretty new to Entra ID/Azure AD MFA and I'm looking for some help from this amazing community. I've been searching for an official Microsoft announcement regarding when they plan to deprecate SMS and voice call as MFA methods, but I can't seem to find any concrete information. I understand that these methods are not the most secure due to risks like SIM swapping and phishing, but my boss is still keen on using them. So, does anyone know if Microsoft has set a timeline for phasing these out, or are they just discouraged but still hanging around for the time being? Any info or useful links would be greatly appreciated! Thanks a lot!
2 Answers
There’s currently no official roadmap for requiring phishing-resistant MFA across all Entra tenants, although you can set it up in Conditional Access Policies. If you're looking to encourage your boss to consider alternatives, you might point him to CISA's documentation regarding mandatory phishing-resistant MFA. It could be a good leverage point!
Unfortunately, there’s no specific deprecation date at this moment. It seems like they acknowledge the vulnerabilities, but there’s still a lot of hesitation to drop these methods completely.
Related Questions
Sports Team Randomizer
10 Uses For An Old Smartphone
Midjourney Launches An Exciting New Feature for Their Image AI
ShortlyAI Review
Is Copytrack A Scam?
Getting 100 on Pagespeed Insights for Mobile is Impossible