Change MFA sender phone number and content
Currently is not possible to change the phone number or the content of the SMS to validate the user's number or for MFA.
B2C would be more useful for financial and/or government organizations if the MFA had more branding options in order give peace of mind to wary customers.
We’re looking at this feedback and along with work for verification emails, looking to do some work around customization to completely remove the Microsoft brand and allow this depth in customization. Please bear with us as we are looking at how best to prioritize these changes.
Amit Navale commented
This issue is under review from Oct 2018. For financial institutes this experience is not good at all. Hoping you will pick this ASAP
I'm still trying it out, but this [post](https://docs.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-auth-technical-profile) probably would help, which mentions `companyName` is customizable -"The company name in the SMS. If not provided, the name of your application is used."
Duy Hoang commented
because of this limitation we need to disable the MFA of AAD and implement our own verification
Nuno Brites commented
Please implement this, it's important for security purposes. Have the sms coming from an explicit sender is easier for the users to trust it.
+1. SMS Sender name and content should be changeable.
Ricky D commented
@Azure AD Team - has there been any progress on modifying the Graph API to enable MFA numbers to be updated? Or is there a planned roadmap/rollout for this feature?
Without this B2C will never be used by some company’s
Totally agree. In a B2C environment, consumers / customers are looking to interact with the brand that they expect to be interacting with. When recieving SMS that are unbranded, come through from another country (e.g. UK or US), come as the number 123456 or from "Microsoft" customers may be vary about interacting the SMS MFA as it doesn't link to the Brand that they are trying to interact with. In a customer centric world, this kind of functionality is a must.
Please implement this, as users are vary of phishing attacks