Microsoft Entra ID Users to Receive MFA Passcodes via WhatsApp in Select Countries
Microsoft Entra ID is reintroducing WhatsApp as a method for delivering MFA one-time passcodes to users in India and other countries.
Published: Nov 07, 2024
Key Takeaways:
- Microsoft Entra ID will soon allow users to receive one-time passcodes (OTPs) for multifactor authentication (MFA) through WhatsApp.
- This feature will initially be available for commercial customers in India and some other countries.
- Users without WhatsApp or internet access will automatically receive OTPs via SMS.
Microsoft Entra ID users will soon have the option to receive multifactor authentication (MFA) one-time passcodes (OTPs) directly through WhatsApp. This feature will initially be available to commercial customers in India and select other countries.
Microsoft Entra ID (formerly known as Azure Active Directory) is a cloud-based identity and access management service that enables organizations to manage identities across both cloud and on-premises environments. Currently, Entra ID sends OTPs via text messages, which users receive in their default messaging app on Android and iOS devices.
Last year, Microsoft Entra ID introduced WhatsApp as an alternative for sending OTPs to users in India and Indonesia. The company found that this capability helped to enhance deliverability, completion rates, and user satisfaction compared to other methods. However, Microsoft temporarily disabled the channel in India.
Microsoft Entra ID expands WhatsApp OTP for MFA
Microsoft has now decided to reintroduce the WhatsApp OTP option in India and expand it to more countries. This feature will be available only to users set up to receive MFA text messages and who already have WhatsApp installed on their Android or iOS devices. The WhatsApp sender agent displaying the OTPs will be branded as Microsoft and will feature a verified checkmark.
“If a user with WhatsApp on their device is unreachable or doesn’t have internet connectivity, they will quickly fall back to the regular SMS channel. In addition, users receiving OTPs via WhatsApp for the first time will be notified of the change in behavior via SMS text message,” the company explained in a message on the Microsoft 365 admin center.
Microsoft notes that organizations that don’t prefer to use WhatsApp to send MFA text messages have the option to disable this authentication method within their organization. The company also strongly recommends adopting more secure authentication mechanism, such as Microsoft Authenticator and Passkeys.