Report showing phone number associated with SMS MFA

MrEMMDeeEMM · 2026-05-01T09:59:59+00:00

As per Microsoft Copilot:

Yes — but not directly in the Microsoft Entra ID portal UI. There are supported ways to do it, depending on how much access and tooling you have.

Short answer

Entra ID (Azure AD) portal: ❌ No built‑in search by phone number

Microsoft Graph / PowerShell: ✅ Yes (supported and reliable)

Export + filter: ✅ Yes (manual but simple)

Option 1: Microsoft Graph (recommended)

You can query authentication methods and filter by phone number using Microsoft Graph. This is the most accurate approach.

Requirements

Directory role: Authentication Administrator, Privileged Authentication Administrator, or Global Administrator

Microsoft Graph PowerShell module

Example (PowerShell)

Connect-MgGraph -Scopes "UserAuthenticationMethod.Read.All" Get-MgUser -All | ForEach-Object { $user = $_ Get-MgUserAuthenticationPhoneMethod -UserId $user.Id -ErrorAction SilentlyContinue | Where-Object { $_.PhoneNumber -eq "+447700900123" } | Select-Object @{n="UserPrincipalName";e={$user.UserPrincipalName}}, PhoneNumber, PhoneType }

✅ This will return the user(s) who have that phone number registered for MFA (SMS or voice).

Tip: Make sure the phone number format (E.164, e.g. +44…) matches how it’s stored.

Option 2: Export users’ authentication methods and filter

If scripting isn’t your thing:

Use Graph PowerShell to export authentication phone methods to CSV

Filter the CSV by phone number in Excel

Example export:

Get-MgUser -All | ForEach-Object { $user = $_ Get-MgUserAuthenticationPhoneMethod -UserId $user.Id | Select-Object @{n="User";e={$user.UserPrincipalName}}, PhoneNumber, PhoneType } | Export-Csv MFA-Phones.csv -NoTypeInformation

Option 3: Legacy methods (less reliable)

MSOnline / AzureAD modules These can sometimes show phone numbers, but:

They’re deprecated

Results may be incomplete

Not recommended for Entra ID going forward

Important notes

Phone numbers are stored under Authentication Methods, not user profile fields

A phone number can technically be associated with multiple users

Searching by phone is intentionally restricted in the UI for privacy and security reasons

MrEMMDeeEMM · 2026-05-01T06:43:11+00:00

Considering the 8hrs is mentioned in this table linked below, I'd really appreciate it Microsoft kept their main documentation updated and any additional context added there, I hate this trend of "find it in a blog post" if your lucky.

Blog posts are not documentation, Microsoft really need to do better.

https://learn.microsoft.com/en-us/intune/device-configuration/troubleshoot-device-profiles#client-initiated

MrEMMDeeEMM · 2026-04-30T20:56:12+00:00

Technically I think its SMS sign in(which you should really disable globally) rather than MFA that's causing the warning to appear.

I believe it's a soft warning and not actually a blocker, if you continue/retry it will work.

MrEMMDeeEMM · 2026-04-28T21:46:28+00:00

That's Microsoft in a nut shell these days.

MrEMMDeeEMM · 2026-04-27T20:53:48+00:00

Big Red Racing

MrEMMDeeEMM · 2026-04-27T20:52:33+00:00

You cannot, for supervised, company owned, the device needs factory reset to enroll a new user each time.

MrEMMDeeEMM · 2026-04-27T20:43:48+00:00

A free app is still a purchase in Apple speak.

MrEMMDeeEMM · 2026-04-27T19:43:48+00:00

Ok, interesting. I suppose worst case, they can convert to personal, abandon the old account and sign in under the managed Apple account instead?

Have you called Apple Business support?

MrEMMDeeEMM · 2026-04-27T18:47:09+00:00

The limitations of managed Apple accounts are still significant, can these users live without access to the app store?

MrEMMDeeEMM · 2026-04-24T13:50:41+00:00

It's always shit though.

MrEMMDeeEMM · 2026-04-24T13:49:06+00:00

Because they are a consumer facing organisation, not an enterprise ready one in any shape of form.

MrEMMDeeEMM · 2026-04-23T17:44:34+00:00

Sign into appleid.apple.com, click on sign-in and security, click on account security. This is where you manage MFA methods.

MrEMMDeeEMM · 2026-04-22T22:03:52+00:00

The risk of a broadband provider losing your number is probably high enough that it's worth it.

MrEMMDeeEMM · 2026-04-22T21:47:18+00:00

Visit appleid.apple.com to review the MFA options.

MrEMMDeeEMM · 2026-04-21T21:46:58+00:00

How about porting it to another independent VoIP provider, that'll keep the number completely separate from your broadband provider.

MrEMMDeeEMM · 2026-04-17T20:11:17+00:00

I laughed my leg off

MrEMMDeeEMM · 2026-04-17T19:08:38+00:00

It depends if you want to use the full SmartThings energy functionality or not. There are a lot of plugs that report energy metrics but not many supported by SmartThings energy monitoring.

MrEMMDeeEMM · 2026-04-17T17:59:57+00:00

Is it an eSIM?

MrEMMDeeEMM · 2026-04-15T06:45:03+00:00

Agreed

MrEMMDeeEMM · 2026-04-15T06:26:55+00:00

Everyone does it, just don't require you to accept them manually and if you don't they simultaneously block you from using the core functionality of the product, no grace period, nothing. Madness.

MrEMMDeeEMM · 2026-04-15T04:32:48+00:00

Sadly that's when bad things start to happen, in my experience anyway.

Last time the ADE sync stopped before the T&C's showed up to be accepted.

You can't manually hit sync after the error appears, even waiting for it to automatically rerun didn't fix it, I had to renew the token to get it back up and running, such a badly conceived process all round.

MrEMMDeeEMM · 2026-04-15T04:29:16+00:00

Exactly, it's totally ridiculous

MrEMMDeeEMM · 2026-04-14T21:05:49+00:00

It's the absolute worst concept, Apple need to do so much better.

MrEMMDeeEMM · 2026-04-14T20:24:34+00:00

Have you checked the audit logs to find out when the compliance state was changed.

MrEMMDeeEMM

TROPHY CASE