Microsoft Entra ID (Azure Active Directory) has introduced a new security control for securing MFA, called System-preferred MFA. During a user's MFA challenge, it prompts by default for the most secure MFA method the user has registered.
For example: if a user has registered SMS and Authenticator as MFA methods, system-preferred MFA evaluates them and prompts for the Authenticator app. The user can still sign in with another sign-in method.
Below are the points to consider.
By default this feature is disabled.
The system always determines and presents the most secure method the user has registered.
It can be enabled only for a single group, which can be a dynamic or nested group.
How to enable this feature?
Graph API
Azure AD Portal: Go to Security blade -> Authentication method -> Settings ->
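
For the Graph API option, the request can be built as below. This is an added example, not code from the original page: it assumes the Microsoft Graph beta authenticationMethodsPolicy resource and its systemCredentialPreferences property, a token carrying the Policy.ReadWrite.AuthenticationMethod permission, and a constructed placeholder group id. The helper names build_patch and send are hypothetical.

```python
import json
import re
import urllib.request

# Assumption: Graph beta endpoint for the tenant's authentication methods policy.
POLICY_URL = "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy"
GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def build_patch(state, group_id=None):
    """Return (method, url, body) that sets system-preferred MFA to `state`."""
    if state not in ("default", "enabled", "disabled"):
        raise ValueError("state must be default, enabled or disabled")
    prefs = {
        "@odata.type": "#microsoft.graph.systemCredentialPreferences",
        "state": state,
    }
    if state == "enabled":
        # The feature is scoped to a single group, so exactly one object id
        # is accepted and it must look like a directory GUID.
        if not group_id or not GUID_RE.fullmatch(group_id):
            raise ValueError("enabling requires one group object id (GUID)")
        prefs["includeTargets"] = [{"id": group_id, "targetType": "group"}]
    return "PATCH", POLICY_URL, {"systemCredentialPreferences": prefs}


def send(token, request):
    """Send a request built by build_patch using a bearer token."""
    method, url, body = request
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder; replace with the pilot group's object id.
    pilot_group = "00000000-0000-0000-0000-000000000001"
    print(json.dumps(build_patch("enabled", pilot_group)[2], indent=2))
```

Running the file only prints the request body; nothing is sent until send is called with a real token, and build_patch("disabled") produces the rollback request.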