Microsoft Entra ID Will Retire SMS and Voice Authentication
11 hours ago
- #Microsoft Entra ID
- #Passkeys Migration
- #MFA Retirement
- Microsoft is retiring SMS and voice as MFA methods provided by Microsoft in Entra ID, with complete retirement by February 1, 2027.
- Passkeys will become the default sign-in method starting September 1, 2026, where users enabled for SMS/voice will be auto-enabled for passkeys.
- After February 1, 2027, users with only SMS or voice as MFA will face a blocking prompt to register a passkey, with no opt-out.
- Organizations must find users enabled for SMS/voice in Authentication Methods Policy and identify those relying solely on phone-based MFA.
- A temporary opt-out is available from August 1, 2026, to delay auto-enablement until migration is complete, but not for the final retirement.
- Microsoft provides scripts and admin center tools to analyze SMS/voice usage and identify affected users, including phone-only users.
- Organizations should plan migration to phishing-resistant methods like passkeys, update documentation, and consider telecom providers via Microsoft Security Store if SMS/voice is still needed.
- Edge cases include shared/kiosk computers and users without suitable devices, requiring solutions like FIDO2 security keys or third-party telecom services.