MC926195 – Entra ID: Expansion of WhatsApp as an MFA one-time passcode delivery channel

cloudscout.one Icon

check before: 2024-12-01

Product:

Entra

Platform:

Online, World tenant

Status:

Change type:

Feature update, User impact, Admin impact

Links:

Details:

Summary:
Starting December 2024, Microsoft Entra will reintroduce WhatsApp as a channel for delivering MFA OTPs in India, with expansion to more countries. Users with WhatsApp will receive OTPs there, with SMS as a fallback. Organizations can disable this feature or opt for more secure methods like Microsoft Authenticator.

Details:
In late 2023, Microsoft Entra started leveraging WhatsApp as an alternate channel to deliver multifactor authentication (MFA) one-time passcodes (OTPs) to users in India and Indonesia. We saw improved deliverability, completion rates, and satisfaction when leveraging the channel in both countries. The channel was temporarily disabled in India in early 2024. Starting early December 2024, we will be re-enabling the channel in India and expanding its use to additional countries.
[When this will happen:]
Starting December 2024, users in India and other countries may start receiving MFA text messages via WhatsApp. Only users that are enabled to receive MFA text messages as an authentication method and already have WhatsApp on their phone will get this experience. If a user with WhatsApp on their device is unreachable or doesn't have internet connectivity, they will quickly fall back to the regular SMS channel. In addition, users receiving OTPs via WhatsApp for the first time will be notified of the change in behavior via SMS text message.
The sender agent in WhatsApp where users will see the OTPs will be branded as Microsoft with a verified checkmark.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-11-06

updated:
2024-11-06

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Confusion
Users may be confused by the change in the delivery method for MFA OTPs, leading to potential login issues.
   - roles: End Users, Helpdesk Support
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage, https://techcommunity.microsoft.com/t5/microsoft-entra-blog/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Increased Support Tickets
The change may lead to an increase in support tickets as users encounter issues with receiving OTPs via WhatsApp.
   - roles: Helpdesk Support, IT Administrators
   - references: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-phone-options#text-message-verification, https://techcommunity.microsoft.com/t5/microsoft-entra-blog/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Security Concerns
Users may have concerns about the security of receiving OTPs via WhatsApp compared to traditional methods.
   - roles: End Users, Security Officers
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage, https://techcommunity.microsoft.com/t5/microsoft-entra-blog/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Dependency on Internet Connectivity
Users without internet access may face difficulties in receiving OTPs, leading to login failures.
   - roles: End Users, IT Administrators
   - references: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-phone-options#text-message-verification, https://techcommunity.microsoft.com/t5/microsoft-entra-blog/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Documentation Updates
Existing documentation may become outdated, requiring updates to reflect the new OTP delivery method.
   - roles: IT Administrators, Compliance Officers
   - references: https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage, https://techcommunity.microsoft.com/t5/microsoft-entra-blog/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Share to MS Teams

Login to your account

Welcome Back, We Missed You!