M365 Changelog: Announcing Public preview - System preferred multi-factor authentication method

MC523051 – Today, various authentication methods are employed by users to provide varying levels of security. Depending on the situation, certain methods may be more secure than others, so it is important to have a range of options available to ensure the right level of security is provided.

Today Microsoft is announcing our solution for this challenge: System-preferred authentication for MFA –where the company will evaluate at runtime, which is the most secure method for the user, of the methods the user has registered. This will help us move away from the erstwhile concept of the user selecting a ‘default’ method and always being prompted for that method first, even when more secure methods are registered and available. 

When this will happen:

Public Preview: Microsoft will begin rolling out on March 1st, 2023.

How this will affect your organization:

In this feature, “System preferred multi-factor authentication method,” Microsoft will decide and prompt which among the user’s registered methods should be prompted for 2nd factor. This would be decided on run time and would be the best method of the methods registered at that given point in time.

This feature will be off by default, please enable this feature using MSGraph API. Once enabled, users will be required to sign in using the most preferred authentication method available. 

This is an excellent approach for users to move away from the less secure telephony methods.

Presently the feature is in Private preview and the admins have the control to turn the feature On/Off using GraphAPI.

The public preview experience will be similar to the private preview where the admins will use the GraphAPI to turn on/off the feature. By the end of March, the admin screen will be available to the user. There would be a toggle available to configure the feature

At GA (in April), Microsoft managed will be set to “enable”. Admins will have the UX and the toggle available 

At GA+3 months (July), the toggle will be taken away from them and the feature will be enabled for all by default.

What you need to do to prepare:

Review the documentation to determine whether or not to enable for your organization.

• System-preferred multifactor authentication – Authentication methods policy