


I realise of course its a good thing but I know they are not keen on MFA mainly I think because some of them work in areas o. I have had this message pop up for one of my old clients I still do support for and I am still the Admin for on their 365 system. Microsoft enforcing MFA in 365 in 12 days message Cloud Computing & SaaS.So give them options and teach them some best practices to save yourself a headache or three.

The reality is they will lose a phone or run into issues and you will support those. Try not to force your users into only one or two options because you live in the illusion that x is more secure than y with all the mfa options.

If the app you use (authenticator) is on your phone, and your call to auth, is your cell, and your sms to auth is your cell. The main point for MFA (with 365 or any system that uses MFA could be your bank for example) is to remember how useless it is when you lose that single point of failure (your phone) The MFA in 365 does NOT require the use of an app at all (that is a misnomer due to MS making it the default) with Azure AD (and certain skus for AAD may change options) but you can absolutely use SMS, calls, alt email, app, yubikey and maybe another method or two i forgot. Option 2: Use your 2FA backup code if you recorded it during the initial 2FA setup process.Not sure what sort of reporting are you looking for? There are audit logs for authentication attempts in Azure Ad which show a ton of information about success/failure/where from/what os/what device/mfa or not/etc etc Note: It is not possible to set up a Master Key once you've already lost your sign-in 2FA. Option 1: Use 2FA bypass if you have a Master Key set up on your account. Follow the instructions to set up 2FA on your new phone.Ĭhanging sign-in 2FA if your old phone is lost or stolen:.Click Change method within the Sign-in section.Select your name in the top right corner and then select Security.Changing sign-in 2FA if you still have your old phone: Once you have access to your account (via sign-in 2FA), you can easily remove trading 2FA, funding 2FA and Master Key 2FA as long as the Global Settings Lock is not enabled and then just set up those 2FAs again from scratch. Note: to remove trading 2FA, funding 2FA and Master Key 2FA, you do not need access to the original 2FAs or to any backups. If the authenticator app you are using does not have a way to export to your new device, below are instructions on how to change your sign-in 2FA if you still have access to the old phone or how to bypass sign-in 2FA if you no longer have access to the old phone. If you are using an authenticator app for sign-in 2FA for your Kraken account, first check and see if the authenticator app you are using has an export feature where you can transfer your accounts to your new device (Google Authenticator for Android now supports this).
