Currently we trying to reset MFA in Azure B2C through Microsoft Graph API. The idea is to delete existing phone number in authentication methods, that at the next login user would be prompt for provide new one. We are using standard built-in user-flows for user login / registration. The problem is that B2C during MFA registration stores phone number in authentication methods without space between country prefix and phone number (so in Azure Portal it’s +11112223333, and should be +1 1112223333). MFA works fine, but because of this: we are not able to query for phone number with Graph Api ( https://learn.microsoft.com/en-us/graph/api/authentication-list-phonemethods?view=graph-rest-beta&tabs=http ) – GET returns empty array; we are not able to delete phone number with Graph Api ( https://learn.microsoft.com/en-us/graph/api/phoneauthenticationmethod-delete?view=graph-rest-beta&tabs=http ) – DELETE returns 404; One workaround is POST new fake number with correct format through Graph Api and then delete it. Do you know is there better way to reset MFA or force B2C MFA to store phone number in correct format?

Hi @s k , we have an issue ticket raised for this that we are working on. When it is finished we will let you know, hopefuly soon! Best, James

Is there any update on this? We are experiencing the same issue.

Is there any update about this? Any ticket we can track?

Hi All, I am unable to save the MFA phone number without space in azure portal via custom policy ,can anyone provide the update on this ?

I don't think that the space is related to this problem. I was able to hardcode a phone number when persisting it to the strongAuthenticationPhoneNumber attribute and it doesn't show up in the API either way.

Azure AD B2C MFA saves phone number with incorrect format (without space)

s k 6

Currently we trying to reset MFA in Azure B2C through Microsoft Graph API. The idea is to delete existing phone number in authentication methods, that at the next login user would be prompt for provide new one. We are using standard built-in user-flows for user login / registration.

The problem is that B2C during MFA registration stores phone number in authentication methods without space between country prefix and phone number (so in Azure Portal it’s +11112223333, and should be +1 1112223333). MFA works fine, but because of this:

we are not able to query for phone number with Graph Api (https://learn.microsoft.com/en-us/graph/api/authentication-list-phonemethods?view=graph-rest-beta&tabs=http ) – GET returns empty array;
we are not able to delete phone number with Graph Api (https://learn.microsoft.com/en-us/graph/api/phoneauthenticationmethod-delete?view=graph-rest-beta&tabs=http) – DELETE returns 404;

One workaround is POST new fake number with correct format through Graph Api and then delete it. Do you know is there better way to reset MFA or force B2C MFA to store phone number in correct format?

James Hamil 21,851 Reputation points Microsoft Employee

2021-03-10T23:47:51.237+00:00

Hi, we are investigating your issue and will update you shortly.

Best,
James

5 answers

James Hamil 21,851 Reputation points Microsoft Employee

2021-03-15T19:00:33.453+00:00

Hi @s k , we have an issue ticket raised for this that we are working on. When it is finished we will let you know, hopefuly soon!

Best,
James
Please sign in to rate this answer.
LO-atlas 1 Reputation point

2022-07-06T22:00:17.967+00:00

@James Hamil do you have any status updates o that ticket or anynwhere we can track it?

Sam Mooney 1 Reputation point

2022-07-26T15:52:55.557+00:00

Is there an update on the status? I've been looking but unable to find anything. If there is a link to the ticket or a way we can follow the status, please let us know. Thx - Sam

apparao 1 Reputation point

2022-11-04T09:20:06.997+00:00

Hi All,

I am unable to save the MFA phone number without space in azure portal via custom policy ,can anyone provide the update on this ?

Stephen Aitchison 0 Reputation points

2023-05-03T22:32:18.1966667+00:00

Hi @James Hamil - or anyone at MS - any update on how to resolve this? I'm getting this from the ConvertStringToPhoneNumberClaim Claim Transformation method, to convert country code and number to a 'phoneNumber' Claim Type - which has no space in the phone number. However interacting with this using Graph API (i.e. from a managed/support bespoke portal) this causes formatting issues, and needs a space between Country Code and Phone number. Seems like a disconnect from the IEF Development Team and the Azure AD / B2C portal Development team?
Sign in to comment
Hetal Madhani 1 Reputation point

2022-08-17T14:28:38.623+00:00

Is there any update on this? We are experiencing the same issue.
Please sign in to rate this answer.
Hetal Madhani 1 Reputation point

2022-08-17T14:29:09.717+00:00

@Chad Hasbrook
Sign in to comment
Tomas Salim 1 Reputation point

2022-11-03T20:09:01.553+00:00

Is there any update about this? Any ticket we can track?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
apparao 1 Reputation point

2022-11-04T09:20:16.253+00:00

Hi All,

I am unable to save the MFA phone number without space in azure portal via custom policy ,can anyone provide the update on this ?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Martín Fernández 1 Reputation point

2022-12-20T14:47:56.443+00:00

I don't think that the space is related to this problem. I was able to hardcode a phone number when persisting it to the strongAuthenticationPhoneNumber attribute and it doesn't show up in the API either way.
Please sign in to rate this answer.
AdamKozmic-7665 55 Reputation points

2023-08-29T19:32:16.1233333+00:00

Still seeing same behavior. I worked around the phone number missing the space in a convoluted way with a series of claims transformations that put the "space" back in between the countryCode and number because I thought that would fix it. Unfortunately, It looks like the strongAuthenticationPhoneNumber is saved off to the authentication methods in some weird "half-baked" state where its not enabled for signin, even with the space.

After the claim persists, it shows up in the user's Auth Methods page but with a blue box that says "This phone number can be used as a username to sign in. A text message will be sent for verification during sign-in." with a little "Enable" link. If you try to call the Graph API to retrieve the user's auth methods, it does not show up in the results.

However, if you click the "Enable" link in the UI, the blue box goes away and then the phone factor starts showing up in the API and all API methods work with it.

If you start in the UI and just enter a net-new phone number, you are forced to add a space between the country code and the national number via UI validation, and there is never a blue box, and it will show up in the API immediately like so:

{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('#REDACTED#')/authentication/phoneMethods", "value": [ { "id": "3179e48a-750b-4051-897c-87b9720928f7", "phoneNumber": "#REDACTED#", "phoneType": "mobile", "smsSignInState": "notAllowedByPolicy" } ] }

As of right now I have no workaround for how to obtain the users strongAuthenticationPhoneNumber via the API after being set via a custom policy.
Sign in to comment