System-preferred MFA is now live!

As announced, System-preferred MFA started to be activated for all tenants who kept the configuration in "Microsoft Managed" since last Friday (07/07/2023).

If you kept this setting or already made your change to Enabled, great! you've already heightened security for your users' identity even further.

In short: System-preferred MFA it is a security feature where the most secure MFA method registered by the user will be the method to be requested for that user during an MFA authentication, regardless of which method the user has chosen to your default method.

i.e. If a user registered the Authenticator App (notification) and also his phone number for SMS and chose SMS as his default method, after activating the System-preferred MFA the method to be triggered will be the notification method.

However, the user can choose to change the method during the authentication flow, however, System-preferred MFA will always trigger the most secure method registered by the user.

More information on enabling System-preferred MFA, how it works and how it can be configured can be found here.

In the next article I'll give you a tip on how to find out which method will be requested for your users after System-preferred MFA is turned on, keep an eye out!