In a recent post on Petri, I explained how to set up passwordless sign-in using the Microsoft Authenticator app for Microsoft 365 and Azure Active Directory (recently renamed Microsoft Entra ID) users. When passwordless sign-in is enabled in Azure AD, instead of entering a password, users can confirm their identity using the Microsoft Authenticator app, a FIDO2 security key, or by SMS message.
In this article, I will show you how to configure passwordless sign-in by SMS. It’s worth remembering that SMS-based authentication is currently in preview and that it shouldn’t be used in production environments until it reaches general availability. There are also some limitations during preview:
For additional information on passwordless sign-in, check out Understanding Windows 10 and Microsoft 365 Passwordless Sign-In on Petri.
Before a user can sign-in using SMS, they must be assigned one of the following licenses:
The first step you need to perform is to enable SMS-based sign-in for users in your Azure AD tenant.
Alternatively, you can set TARGET to Select users and enable passwordless sign-in for a group instead of all users in the directory.
Users must register at least one phone number as an authentication method before they can use SMS-based sign-in. If users already have a phone number registered for use with multifactor authenticator, they won’t need to reregister the number to use it with SMS-based sign-in.
If users need to add a phone number as an authentication method, they can do it here on the My Sign-ins page. Users will need to click Security info in the list of options on the left, click + Add method on the Security info screen, and then follow the on-screen instructions. Users can also choose ‘Phone – text’ as the default sign-in method.
If a user already had a phone number registered before SMS sign-in was enabled for the tenant, they will need to click the prompt on the My Sign-ins page to enable the number for phone sign-in.
Alternatively, Azure AD admins can add and enable phone numbers for users in the Azure administration portal.
Finally, let’s sign in using an account that has a registered phone number enabled for sign-in. Note that if multifactor authentication is enabled for the account, the user will not be able to sign in by SMS because text message is not a supported first factor.
And that is it! You should now be signed in to Microsoft 365 or Azure AD.