Share via

Microsoft Teams - Remove "Microsoft Authenticator" from "Keep your account secure" at login

Anonymous
2023-11-29T21:27:04+00:00

Every time a new user (student) registers to our Teams "server", they are prompted with a screen that might be confusing:

The majority of the users assume that it's mandatory to use Microsoft Authenticator in order to gain access to Teams. Unfortunately, this has caused some issues as not everyone is familiar with using an Authenticator. Many users uninstall the app after the first login and subsequently lose their access to Teams. 🤷‍♂️

Therefore, I would like to know if it's possible to remove this screen altogether or at least make "Email" the default method of proving one's identity.

It's fine to leave the Microsoft Authenticator option enabled, but it should be presented as a secondary/optional method. This way, users who prefer to use it can do so, while those who don't want to use it won't feel forced to.

I'm the Administrator for the organization (Hack Academy) and this is how Microsoft Authenticator is configured as an Authentication Method. It is disabled, so I don't understand why it appears on the initial login screen.

--

PS: Just to be sure, this has nothing to do with 2FA, right?

Microsoft Teams | Microsoft Teams for education | Sign up and Sign in | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-11-29T22:03:14+00:00

    Hello Marcus,

    I'm Ibhadighi and I'd happily help you with your question. In this forum, we are Microsoft consumers just like yourself.

    The prompt for using Microsoft Authenticator at login is likely part of the security defaults or conditional access policies set up in your Azure Active Directory (Azure AD) for your organization. Even if you have not explicitly enabled two-factor authentication (2FA) for new users, these security defaults may still encourage the use of the Authenticator app.

    To adjust this so that Microsoft Authenticator is not the primary method shown to users, you will need to change the settings in the Azure portal. Here's a simplified answer and steps you can follow, assuming you have the necessary admin permissions:

    1. **Log in to the Azure portal:** Go to the Azure portal and sign in with your admin account.
    2. **Navigate to Azure Active Directory:** Find and select Azure Active Directory from the list of services.
    3. **Go to Authentication methods:** Look for the 'Authentication methods' policy in Azure AD.
    4. **Adjust User Settings:** Within the 'Authentication methods', you may find settings that dictate the methods available to users and the priority order.
    5. **Change Policies:** If there are any conditional access policies set up that require or prompt the use of Microsoft Authenticator, you may need to adjust these. This can be found under 'Security' in Azure AD.
    6. **Review Registration and Reset Policies:** There might also be self-service password reset policies that determine the methods available for users to verify their identity. Ensure that email verification is enabled here.
    7. **Check Security Defaults:** If security defaults are enabled, they may automatically prefer the use of the Authenticator app. You can customize these settings, but be cautious as this may affect other security settings.

    Please note that changes here can affect the security posture of your organization. It's important to balance the convenience for users with the need to keep accounts secure.

    This indeed has nothing to do with 2FA if you haven't set it up. It's more about the initial account verification and recovery methods suggested by Microsoft's security policy defaults.

    I hope this helps.

    Best Regards, Ibhadighi

    0 comments
  2. Anonymous
    2023-11-30T18:58:57+00:00

    Thank you Ibhadighi!

    Unfortunately, I can't find these options:

    • Adjust User Settings
    • Change Policies
    • Review Registration and Reset Policies

    This is what I see:

    0 comments
  3. Anonymous
    2023-12-01T16:47:19+00:00

    Hello Marcus,

    Based on the image you've provided, it looks like you're in the Azure portal looking at the Authentication methods settings for your organization.

    If you're not seeing the options to adjust user settings, change policies, or review registration and reset policies directly in this interface, you may need to navigate to different sections of the Azure portal. Here's what you can try:

    Check the Authentication Methods Policy:

    Go to the Azure Active Directory in the Azure portal. Click on Security, then Authentication methods. Make sure that the methods you want for your users are enabled, and others are disabled.

    Check Multi-Factor Authentication Settings: Still in Azure Active Directory, click on Security, then on MFA. Ensure that the settings here align with what you want your users to experience.

    Check Self-Service Password Reset (SSPR) Settings: Within Azure Active Directory, click on Password reset. Here you can define what methods are available for users when resetting their password.

    If after checking these areas the issue persists: It could be that changes haven't propagated yet; they can sometimes take a little time. You may not have the necessary permissions to view or change some settings, in which case you might need to contact another admin.

    I hope this helps,

    Thank you, Ibhadighi

    0 comments
  4. Anonymous
    2023-12-11T14:19:01+00:00

    Sorry, but that doesn't help.

    I also tried to disable the Registration Campaign. I have been waiting for a couple of days, but I haven't noticed any changes yet.

    Image

    0 comments