Authentication Method - SMS - Use for sign-in
Why This Matters
SMS-based authentication is vulnerable to SIM swapping and interception attacks, making it a weak primary sign-in method. Overreliance on SMS weakens your overall authentication posture, especially for high-risk users. Administrators should disable SMS as a primary factor and adopt stronger alternatives like multi-factor authentication (MFA) or passwordless methods.
What Aether365 Checks
Aether365 verifies that the includeTargets.isUsableForSignIn setting for the SMS authentication method in Microsoft Entra ID is set to false. This check appears in your Aether365 dashboard under Entra ID security checks.