Office365 turn off Microsoft Authenticator and enable sms


Why does Microsoft make it so hard on a new Office365 tenant.  Once the account is created they now turn on MFA security which insists on Microsoft Authenticator for Admins and users too.

Here is the fix for turning off the security defaults, changing the options to SMS so that you get a text message code sent instead of using the microsoft authenticator app.

** in case you are concerned with security - SMS means you can be attacked by someone cloning your Sim card or getting a replacement Sim card from your provider.  Where as, Microsoft Authenticator means they would need you phone, unless you lose your phone and then you cant access it either !

1. Login to Office365 Admin Console and choose "Active"

2. Select Azure Active Directoy and then Properties

 3. Scroll to the bottom and select - Manage Security Defaults

 4. Disable the Security Defaults as we will be enabling them per user

5. Go back to the Office365 Admin Console and select Active Users 

6.  Select Multi Factor Authentication

7. Just under the heading Microsoft have made Service Settings un-noticeable ..Select this 

 8. Select your verification requirements

Select a user and enable MFA, when they log in with their account it will ask them to choose country and add their mobile number