
How to identify who is using Phone and SMS authentication in Azure AD/Entra ID

To identify users still using Phone & SMS authentication in Azure AD or Entra ID and migrate them to the Microsoft Authenticator app:

Solution 1: Use the Azure AD Sign-ins report:

  1. Navigate to the Azure AD portal.
  2. Select “Sign-ins” under “Monitoring”.
  3. Filter the results by authentication method (Phone & SMS).
  4. Export the data to analyze users still relying on these methods.

Solution 2: Run a PowerShell script:

  1. Connect to Azure AD using the MSOnline module (Connect-MsolService).
  2. Use the Get-MsolUser cmdlet with filters to identify users with Phone & SMS authentication.

Example script:

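# Filter on MethodType: SMS and voice calls only. A bare "Phone" pattern would also match PhoneAppOTP/PhoneAppNotification, which are the Authenticator app.
Get-MsolUser -All | Where-Object { $_.StrongAuthenticationMethods.MethodType -match '^(OneWaySMS|TwoWayVoice)' }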
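
To turn that filter into a migration list, the following added example (not part of the original article) reports, for each user with an SMS or voice method, whether the Authenticator app is already registered and which method is the default. The function name Get-PhoneMfaMigrationStatus and the sample users are constructed for illustration; the property names follow the objects returned by Get-MsolUser.

```powershell
# MethodType values as exposed by the MSOnline module.
$LegacyTypes = 'OneWaySMS', 'TwoWayVoiceMobile', 'TwoWayVoiceOffice'
$AppTypes    = 'PhoneAppNotification', 'PhoneAppOTP'   # Microsoft Authenticator

function Get-PhoneMfaMigrationStatus {   # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][object]$User)
    process {
        $methods = @($User.StrongAuthenticationMethods)
        $legacy  = @($methods | Where-Object { $_.MethodType -in $LegacyTypes })
        if ($legacy.Count -eq 0) { return }   # no SMS/voice method: not in scope

        $hasApp  = @($methods | Where-Object { $_.MethodType -in $AppTypes }).Count -gt 0
        $default = ($methods | Where-Object IsDefault | Select-Object -First 1).MethodType
        $status  = if (-not $hasApp) { 'Needs Authenticator setup' }
                   elseif ($default -in $LegacyTypes) { 'Authenticator registered, phone still default' }
                   else { 'Authenticator registered' }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            PhoneMethods      = ($legacy.MethodType -join ';')
            DefaultMethod     = $default
            HasAuthenticator  = $hasApp
            Status            = $status
        }
    }
}

# Constructed sample objects (same shape as Get-MsolUser output) for an offline run.
function New-SampleUser($Upn, $Methods) {
    [pscustomobject]@{
        UserPrincipalName           = $Upn
        StrongAuthenticationMethods = @($Methods | ForEach-Object {
            [pscustomobject]@{ MethodType = $_.Type; IsDefault = $_.Default } })
    }
}
$sample = @(
    New-SampleUser 'alice@example.com' @(@{ Type = 'OneWaySMS'; Default = $true })
    New-SampleUser 'bob@example.com'   @(@{ Type = 'TwoWayVoiceMobile'; Default = $true },
                                         @{ Type = 'PhoneAppNotification'; Default = $false })
    New-SampleUser 'carol@example.com' @(@{ Type = 'PhoneAppOTP'; Default = $true })
)
$sample | Get-PhoneMfaMigrationStatus | Format-Table -AutoSize

# Against a tenant, after Connect-MsolService:
# Get-MsolUser -All | Get-PhoneMfaMigrationStatus | Export-Csv phone-mfa-users.csv -NoTypeInformation
```

In the sample run, carol is omitted because only Authenticator methods are registered, which is the case the original "Phone" pattern would have misreported.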

Solution 3: Encourage users to switch:

  • Communicate the benefits of the Microsoft Authenticator app (security, convenience).
  • Provide clear instructions on setting up the app.
  • Set a deadline for the migration.

Solution 4: Enable the Authenticator app for users:

  1. In the Azure AD portal, go to “Authentication methods”.
  2. Select “Microsoft Authenticator” and configure the settings.
  3. Assign the Authenticator app to users.

Note: Microsoft won’t automatically migrate users to the Authenticator app. It requires manual intervention and user cooperation for a smooth transition.

By following these steps, you can successfully identify users still on Phone & SMS authentication and guide them to adopt the more secure Microsoft Authenticator app, enhancing your organization’s overall security posture.