Over the past few months, as more and more of you use the Multi-Factor Authentication (MFA) and Self Service Password Reset (SSPR) capabilities of Azure AD Premium, you’ve requested and option to let employees keep the mobile phone numbers they are using for Azure MFA and Self Service Password Reset private so they are not be visible in the Office365 Global Address List.
We’ve just turned on our improved privacy for user authentication information to meet this need.
With this feature, the phone number entered by a user for Azure MFA or SSPR will be private and will only be visible and editable by the user and the directory administrator(s). The private phone number is referred to as the authentication phone, which will be used instead of the mobile phone field for MFA that you all are familiar with. Likewise, SSPR will use authentication phone instead of mobile phone and authentication email instead of alternate email address.
From an administrator perspective, an admin can view/edit the authentication information under the user’s profile tab (Select the Directory -> Navigate to Users tab -> Select the user of interest -> Navigate to the profile tab) in the newly added authentication contact info section.
Employees can edit their contact phone number by going to the additional security verification page in the http://myapps.microsoft.com portal and, they will see the authentication phone instead of the mobile phone.
Likewise, if an end user goes through the first time additional security verification setup, they will see the authentication phone as the contact method in the drop down which replaces the mobile phone.
Similar to MFA, end users will see the authentication phone and authentication email for SSPR instead of the mobile phone and alternate email address.
We hope you’ll find this new privacy capability useful!
As always, we’d love to receive feedback or suggestions you have.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity and Security Services Division