Hasty Briefsbeta

Bilingual

Microsoft Entra ID Will Retire SMS and Voice Authentication

11 hours ago
  • #Microsoft Entra ID
  • #Passkeys Migration
  • #MFA Retirement
  • Microsoft is retiring SMS and voice as MFA methods provided by Microsoft in Entra ID, with complete retirement by February 1, 2027.
  • Passkeys will become the default sign-in method starting September 1, 2026, where users enabled for SMS/voice will be auto-enabled for passkeys.
  • After February 1, 2027, users with only SMS or voice as MFA will face a blocking prompt to register a passkey, with no opt-out.
  • Organizations must find users enabled for SMS/voice in Authentication Methods Policy and identify those relying solely on phone-based MFA.
  • A temporary opt-out is available from August 1, 2026, to delay auto-enablement until migration is complete, but not for the final retirement.
  • Microsoft provides scripts and admin center tools to analyze SMS/voice usage and identify affected users, including phone-only users.
  • Organizations should plan migration to phishing-resistant methods like passkeys, update documentation, and consider telecom providers via Microsoft Security Store if SMS/voice is still needed.
  • Edge cases include shared/kiosk computers and users without suitable devices, requiring solutions like FIDO2 security keys or third-party telecom services.