Ensure weak authentication methods are disabled
Why This Matters
SMS, voice calls, and email OTP are the weakest multifactor authentication methods because they rely on phone networks and email systems that can be intercepted, redirected, or spoofed. Attackers exploit these legacy protocols to bypass MFA, often through SIM swapping or phishing attacks. If you leave these methods enabled, your organization remains vulnerable to credential theft and account compromise despite having MFA in place.
What Aether365 Checks
This check confirms that SMS, voice call, and email OTP authentication methods are disabled in Microsoft Entra ID. It appears in the Aether365 dashboard under entraid checks and flags any method that is set to Enabled: Yes.
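
One way to express this check against the Microsoft Graph authentication methods policy (`GET /policies/authenticationMethodsPolicy`), as an added example that is not Aether365's own code. The policy JSON is a constructed sample, and the function name `evaluate_weak_methods` and the fail-closed handling of missing entries are assumptions.

```python
import json

# Method configuration ids used in Microsoft Graph's authenticationMethodsPolicy
# for the three methods this check covers (compared case-insensitively).
WEAK_METHOD_IDS = {"sms", "voice", "email"}

# Constructed sample of a trimmed policy response; not real tenant data.
SAMPLE_POLICY = json.loads("""
{
  "id": "authenticationMethodsPolicy",
  "authenticationMethodConfigurations": [
    {"id": "Fido2", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"id": "Sms", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"id": "Voice", "state": "disabled", "includeTargets": []},
    {"id": "Email", "state": "enabled", "includeTargets": []}
  ]
}
""")


def evaluate_weak_methods(policy):
    """Return (passed, findings) for the SMS / voice / email OTP check."""
    configs = {
        str(c.get("id", "")).lower(): c
        for c in policy.get("authenticationMethodConfigurations", [])
    }
    findings = []
    for method in sorted(WEAK_METHOD_IDS):
        cfg = configs.get(method)
        if cfg is None:
            # Assumption: fail closed, an absent entry cannot be confirmed disabled.
            findings.append({"method": method, "status": "unknown", "targets": []})
            continue
        state = str(cfg.get("state", "")).lower() or "unknown"
        if state != "disabled":
            targets = [t.get("id") for t in cfg.get("includeTargets", [])]
            findings.append({"method": method, "status": state, "targets": targets})
    return (not findings, findings)


if __name__ == "__main__":
    passed, findings = evaluate_weak_methods(SAMPLE_POLICY)
    print("PASS" if passed else "FAIL")
    for f in findings:
        print(f"  {f['method']}: {f['status']} targets={f['targets']}")
```
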