(Updated) Changes to the registration campaign feature in Microsoft Entra (previously Azure Active Directory)

Updated September 18, 2023: Deployment will begin September 25th and will run to October 20th. These dates replace the dates mentioned in the email “We’re enabling a stronger form of multifactor authentication beginning September 15, 2023” that you might have received. We apologize for the inconvenience.

Publicly switched telephone networks (PSTN) such as SMS and voice authentication are the weakest forms of MFA. To help your users move away from these less secure MFA methods we are introducing changes to the Microsoft managed state of the registration campaign (aka Nudge) feature in Microsoft Entra (previously Azure Active Directory).

[When this will happen:]

Starting late September 2023 and expect to complete by late October 2023. 

[How this affects your organization:]

Users in your organization who are relying on PSTN (SMS and/or voice) for MFA will be prompted to use the Microsoft Authenticator app. Users can skip this prompt for a maximum of 3 times, after which registration of the app will be required by default. Note: admins can decide it they want to opt out of the “limited” 3 snooze configuration or give their end users the ability to snooze indefinitely.

[What you can do to prepare:]

We urge you to motivate your users to immediately stop using SMS and voice for MFA. You can take advantage of several new admin levers to achieve this such as system-preferred MFA and Microsoft Authenticator Lite, in addition to registration campaign. However, if some of your users require more time you can exempt them for now. Sign in as Global Administrator or Authentication Policy Administrator and go to Microsoft Entra > Identity > Protection > Authentication methods > Registration campaign and exclude these user groups.

Stay alert, stay secure!

Microsoft Identity & Network access (IDNA) product group

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *