Microsoft Azure Active Directory has introduced a new security control for MFA, called system-preferred MFA. When a user is challenged for MFA, it prompts by default for the most secure MFA method the user has registered.
For example, if a user has registered both SMS and the Authenticator app as MFA methods, system-preferred MFA evaluates them and prompts for the Authenticator app. The user can still sign in with another registered method.
Below are the points to consider.
- By default this feature is disabled.
- The system always determines and presents the most secure method the user has registered.
- It can be enabled only for a single group, which can be a dynamic or nested group.
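
One way to check and enable this setting through Microsoft Graph, as an added example that is not part of the original page. It assumes the Microsoft Graph PowerShell SDK, the beta `authenticationMethodsPolicy` endpoint and its `systemCredentialPreferences` property; `$groupId` is a placeholder for the object ID of the single group to target.

```powershell
# Added example (not from the original page).
# Requires the Microsoft.Graph.Authentication module.
# $groupId is a placeholder: replace it with the object ID of the target group.
$groupId     = '00000000-0000-0000-0000-000000000000'
$placeholder = '00000000-0000-0000-0000-000000000000'
$uri         = 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy'

if ($groupId -eq $placeholder) {
    throw 'Set $groupId to the object ID of the group before running.'
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

# 1. Record the current setting so the change can be reviewed or rolled back.
$before = (Invoke-MgGraphRequest -Method GET -Uri $uri).systemCredentialPreferences
Write-Host "State before change: $($before.state)"
foreach ($t in $before.includeTargets) {
    Write-Host "  included $($t.targetType): $($t.id)"
}

# 2. Enable system-preferred MFA for exactly one group.
$body = @{
    systemCredentialPreferences = @{
        state          = 'enabled'
        includeTargets = @(
            @{ id = $groupId; targetType = 'group' }
        )
    }
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

# 3. Read the policy back and confirm the tenant holds what was intended.
$after = (Invoke-MgGraphRequest -Method GET -Uri $uri).systemCredentialPreferences
$ids   = @($after.includeTargets | ForEach-Object { $_.id })

if ($after.state -ne 'enabled' -or $ids -notcontains $groupId) {
    throw "Unexpected policy after update: state=$($after.state), targets=$($ids -join ',')"
}
Write-Host "System-preferred MFA is enabled for group $groupId"
```

Running only steps 1 and 3 gives a read-only audit of whether the feature is on and which group it covers.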