MFA Hardening: Migration from SMS to Authenticator App

We identified users relying on SMS-based Multi-Factor Authentication (MFA) across a large Microsoft 365 tenant, then executed a phased rollout of the Microsoft Authenticator app. This significantly improved security posture by replacing legacy mobile number verification with app-based push notifications and disabling phone-based MFA methods.

JD Virtual Project Lead

Joe Davies

Client

National Residential Landlords Association

Commisioned by

Your IT Man

On behalf of a partner, we conducted a detailed audit ofMicrosoft 365 MFA configurations, targeting accounts still using phonenumbers for second-factor verification. These were flagged as a securityrisk due to their vulnerability to SIM swapping and phishing.

The project involved:

Identification of all users relying on SMS/phone call MFA
User-specific notifications and migration plan for rollout
Systematic deployment and enforced setup of Microsoft Authenticator
Disabling of legacy MFA methods to prevent fallback risks
Ongoing compliance monitoring and support

This proactive change ensured long-term protection for useraccounts, reduced attack surface, and aligned the tenant with modern securitybest practices recommended by Microsoft.

‍

Team Members

Joe Davies

Managing and Technical Director

Gallery

Start a Conversation with Us

Book a Meeting

We are proud to work with

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Deny Accept