We're looking to update and improve our MFA security settings for our Azure portal.
1) All Azure AD users can only login with MFA through A) Authenticator App and/or B) Yubikeys
1) When registering a device to for MFA, azure asks for a phone number and without it you cannot progress in registering the device for MFA. Our issue with this is that SIMs are relatively easy to virtually duplicate and weaken MFA as a security feature. We want to make sure that each user can only access the azure portal using an Authenticator app and or a Yubikey.
How do we disable Azure asking for phone number as an authentication backup method? Without providing a phone number to text it won't let our users go forward with finalizing a device for MFA setup.
Potentially Important Information:
Our license type is: Azure AD Free