Upcoming changes to managing MFA methods for hybrid customers

Howdy folks!

In November, I shared that we're simplifying the MFA management experience to manage all authentication methods directly in . This change has been successfully rolled out to cloud-only customers. To make this transition smooth for hybrid customers, starting February 1, 2021, we will be updating the authentication numbers of synced users to accurately reflect the phone numbers used for .

Daniel Wood, a Program Manager on the Identity Security team will share the details of this change for hybrid customers. As always, please share your feedback in the comments below or reach out to the team with any questions.

Best regards,

Alex Simons (Twitter: Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division


Hi everyone,

It's never been more important to enforce . As part of our efforts to make hybrid deployments simpler and more secure, we'll be updating empty authentication numbers with users' public phone numbers if those numbers are being used for MFA. This change doesn't affect the end user experience, but here's what you'll see as an admin after February 1:

Changes to user records

Starting February 1, 2021, for synced users who are using public profile numbers for MFA, Microsoft will copy the public number to users' corresponding authentication number. Once the authentication number is populated, the MFA service will call that authentication number, instead of the public number. Microsoft will copy subsequent changes to the public number over to the authentication number until May 1, 2021 (except deletions of the public number).

Managing users' authentication numbers

Going forward, you can manage your users' authentication numbers directly in using:

1. The user authentication methods UX


2. Microsoft Graph authentication methods APIs

bh2 (3).png

3. Microsoft.Graph.Identity.Signins PowerShell module

bh3 (2).png

4. End users can update their authentication numbers in the security info tab of MyAccount.


We hope these changes will significantly simplify how users and admins manage their authentication methods while enhancing security. Please let us know your thoughts by leaving a comment below.


Daniel Wood (Twitter: Daniel_E_Wood)

Program Manager,

Microsoft Identity Division


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.