question

NicolaSwan-1726 avatar image
1 Vote"
NicolaSwan-1726 asked DavidBycraftADM-5066 answered

MFA - Using alternative email address to verify identity

Hi Everyone

Our organisation is in the process of rolling out MFA across all users, and our testing phase is coming to a close so we'll be pushing everyone to sign up within the next couple of months.

One of our concerns is that if a user leaves their phone at home and needs to sign in using a method other than the Authenticator app or a code via text, there doesn't seem to be an option aside from "turn MFA off for the user" to allow them to log in and work.

We require everyone to add an alternative email address to use MFA and SSPR in the organisation. Is there a way to use this email to receive a code to allow login? We don't have an on-premise phone system that would allow code delivery so this isn't an option unfortunately. Turning off extra security really isn't an option and can be abused repeatedly.

Any guidance or alternatives would would greatly appreciated :)

Many thanks, Nicola

azure-ad-multi-factor-authentication
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered

@NicolaSwan-1726
Thank you for your post!

Unfortunately, the only forms of verification that can be used with Azure AD Multi-Factor Authentication (AzureAD MFA), is MS Authenticator App, OATH token, SMS, or Voice call. For more info.

You can also see this listed within "aka.ms/mfasetup"
58351-image.png


An alternative could be Windows Hello for Business, however, if you have any questions regarding Windows Hello, I'd recommend reaching out to our experts via the Windows Hello Community Forums.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (10.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DavidBycraftADM-5066 avatar image
0 Votes"
DavidBycraftADM-5066 answered

I think this would be a useful option for a lot of organisations- I've been leading a rollout of MFA in mine and have had a small number of users who are reluctant to use their personal devices for MFA. If we could give them the option of creating an email address solely for this purpose with a free email provider it would give us an option to these people. We don't want to 'force' them to use their own devices, though that seems to be the only option left.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.