Prevent users from changing authentication methods and authentication phone number (mfasetup)
We would need the following features:
• The possibility to assign different auth methods based on groups for MFA.
• A way to prevent users from changing the authentication phone number. IT department should be able to predefine one authentication phone number and the user should not be able to change the number or setup an alternate phone number by himself.
• One way to control the access to MFA setup using Conditional Access Policies.
Joseph Potenza commented
Looking for an option to lock down users from changing their MFA phone number. This is problematic as it creates a security hole. I would like to have what is in their Azure AD stick related to their authentication number.
Greg Tate commented
I see a work around using scripts but this isn't a good solution.