Last Updated on August 13, 2025 by Arnav Sharma
Multifactor authentication (MFA) with system-preferred MFA prompts users to log in with the most secure method they have registered with the system. System administrators can boost login security by enabling system-preferred MFA and discouraging the use of less secure sign-in methods, such as SMS.
If a user has registered both SMS and Microsoft Authenticator as MFA methods, system-preferred MFA forces the user to sign in with the more secure method, the push notification from Microsoft Authenticator. Users are asked to sign in with their most secure registered method before being allowed to switch to another method if necessary.
The Microsoft-managed rollout of system-preferred MFA is a three-tiered strategy. During the preview the feature is always off by default. You may turn it on during the preview, for everyone or just a select few, by explicitly setting the Microsoft-managed state to Enabled. When system-preferred MFA becomes generally available, Microsoft will switch its managed state to Enabled.
Once system-preferred MFA has been activated, the authentication system takes care of everything: because it automatically finds and presents the most secure method the user has registered, users do not need to choose any authentication method as their default.
The need to stay ahead of bad actors in today’s rapidly shifting threat landscape cannot be overstated. That being said:
- Since its introduction in April 2023, the feature has been Microsoft-managed (Disabled) by default.
- Afterwards, the capability will be made available as Microsoft-managed (Enabled) for all tenants, with admins still having the option to turn it off if necessary.
- At last, Microsoft will take over management of the feature and set it to the “Enabled” state across all tenants.
More specific timetables will be released in June to give businesses enough time to prepare for the rollout.
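The three states described above (Microsoft-managed, Enabled, Disabled) and the rollout phases in the list are exposed in Microsoft Graph through the `systemCredentialPreferences` property of the authentication methods policy. The following added example, which is not from the original post, models those controls: it builds the PATCH body an admin would send and resolves the effective state for a user, assuming that the Microsoft-managed (`default`) state follows the rollout phase and that excluded groups take precedence over included ones; the group names and policy documents are constructed sample data.

```python
"""Model system-preferred MFA rollout controls as exposed by Microsoft Graph
(/policies/authenticationMethodsPolicy, property systemCredentialPreferences).
Assumption: the Microsoft-managed 'default' state resolves to Disabled during
preview and Enabled at general availability, as the rollout phases describe."""

MICROSOFT_MANAGED_STATE = {"preview": "disabled", "ga": "enabled"}
VALID_STATES = ("default", "enabled", "disabled")


def build_patch_body(state, include_groups=("all_users",), exclude_groups=()):
    """Return the PATCH body that explicitly sets system-preferred MFA.

    'all_users' is the Graph sentinel for targeting every user; other ids are
    group object ids (constructed placeholders in the tests below).
    """
    if state not in VALID_STATES:
        raise ValueError(f"unsupported state: {state!r}")
    return {
        "systemCredentialPreferences": {
            "state": state,
            "includeTargets": [{"id": g, "targetType": "group"} for g in include_groups],
            "excludeTargets": [{"id": g, "targetType": "group"} for g in exclude_groups],
        }
    }


def effective_state(policy, user_groups, rollout_phase="preview"):
    """Return 'enabled' or 'disabled' for a user who belongs to user_groups.

    'default' defers to Microsoft's managed state for the rollout phase;
    an excluded group wins over any included group (assumption, see lead-in).
    """
    prefs = policy["systemCredentialPreferences"]
    state = prefs["state"]
    if state == "default":
        state = MICROSOFT_MANAGED_STATE[rollout_phase]
    if state == "disabled":
        return "disabled"
    excluded = {t["id"] for t in prefs.get("excludeTargets", [])}
    included = {t["id"] for t in prefs.get("includeTargets", [])}
    if set(user_groups) & excluded:
        return "disabled"
    if "all_users" in included or set(user_groups) & included:
        return "enabled"
    return "disabled"
```

Sending the body with `PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy` requires the `Policy.ReadWrite.AuthenticationMethod` permission; the tenant-wide pilot to a small group is the `include_groups=("<pilot group id>",)` case.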
Microsoft recommends you utilise the rollout controls and implement this new functionality quickly to protect your business and its customers. You can now easily enforce the policy that tenants must prioritise using the most secure authentication methods.
I help organisations secure their cloud infrastructure and stay ahead of evolving cyber threats. Microsoft MVP and Certified Trainer, author of Mastering Azure Security, and founder of arnav.au — a platform for practical Cloud, Cybersecurity, DevOps and AI content.
Frequently Asked Questions
System-Preferred MFA automatically prompts users to log in using the most secure authentication method they have registered with the system. For example, if a user has registered both SMS and Microsoft Authenticator, the system will force them to use the more secure push notification method (Microsoft Authenticator) first, rather than allowing them to choose a less secure option like SMS.
System administrators can boost login security by enabling System-Preferred MFA, which discourages users from using less secure sign-in methods such as SMS. The system automatically handles authentication without requiring users to select their default method, and administrators can enforce a policy that prioritizes the most secure authentication methods across their organization.
Since April 2023, System-Preferred MFA has been controlled (Disabled) by default. Microsoft will gradually make it available as Microsoft-managed (Enabled) for all tenants, eventually taking full management control and setting it to 'Enabled' across all organizations. More specific timelines were released in June to give businesses adequate preparation time for the rollout.
Yes, even after Microsoft enables System-Preferred MFA for all tenants, administrators will still have the option to turn it off if necessary. However, Microsoft recommends utilizing the rollout controls and implementing this functionality quickly to protect your business and customers.
Users are first requested to sign in using their most secure registered authentication method before being allowed to switch to another method if necessary. This ensures that the most secure option is prioritized while still maintaining flexibility for users who may need alternative authentication methods.