We help IT Professionals succeed at work.

Multi factor authentication , azure AD office 365

Medium Priority
96 Views
Last Modified: 2020-01-24
We need to disable txt message for users who are using MFA and use app
Instead

Is it a good idea
Comment
Watch Question

Jackie Man IT Manager
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Yes. It is a good idea.

Why?

I recalled a demo in a security seminar a few years before that it is possible to input a few codes to the smartphone of a user and afterwards, all call log and received txt messages will be seen by the hacker online provided that the smartphone is connected to the Internet.

Besides, there are occasions which iPhone users will experience a delay in receiving txt message when iMessage platform has a problem.

Finally, in using Microsoft Authenticator app, your user can set a fingerprint authentication (Touch ID) before the app can be assessed and you cannot protect txt messsge if the phone screen  is unlocked.

Fingerprint authentication

Author

Commented:
How can a user set finger authentication before the app can be accessed
IT Manager
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
How can a user set finger authentication before the app can be accessed.

The feature is called App lock.

Within Microsoft Authenticator app, go to Settings and scroll down to the bottom to enable App Lock.

 App Lock
Of course, the smartphones need to have fingerprint security feature.

Author

Commented:
How can I enable MFA for all users

Author

Commented:
Right now I am doing one by one
Jackie Man IT Manager
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Unless you have MDM in place to push the app to the users, you have to do them one by one.

Author

Commented:
We have air watch but how to enable from 365 portal right now all users have disabled MF A