Microsoft Entra ID to Deliver MFA Text Message via WhatsApp

In today’s world, the need for robust security measures has never been more critical. With the increasing frequency and sophistication of cyberattacks, it’s essential to safeguard our online accounts and data from unauthorized access. One of the most effective ways to enhance security is through Multi-Factor Authentication (MFA). Microsoft, a leader in the tech industry, has taken a significant step to optimize MFA by delivering text messages through WhatsApp. This innovative approach, known as Microsoft Entra ID, promises to make MFA even more secure and convenient for users. Initially this new feature will be available only for Microsoft 365 enterprise customers in India, Indonesia and New Zealand it will be in affect from Sept. 2023.

For other countries the rollout begins in October-November 2023.

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication, often abbreviated as MFA, is a security system that requires users to provide two or more verification factors to access an online account. These factors typically fall into one of three categories:

  1. Something You Know: This could be a password or PIN.
  2. Something You Have: A device or token, like a smartphone or a hardware security key.
  3. Something You Are: Biometric data, such as a fingerprint or facial recognition.

MFA significantly enhances security because even if an attacker compromises one factor, they would still need access to the others to gain entry.

The Role of Text Messages in MFA

One of the most common methods of implementing MFA is sending One-Time Passwords (OTPs) via text messages. This is the “Something You Have” factor in action, as users need to have access to their mobile phones to receive the OTP and complete the authentication process.

The Challenge of Text Message Delivery

While text messages have been a reliable means of delivering OTPs, there have been concerns about their security and reliability. SMS messages can be intercepted or redirected, making them susceptible to certain forms of cyberattacks.

To address these concerns, Microsoft has introduced an innovative solution for MFA text message delivery through WhatsApp. This approach leverages the WhatsApp platform, known for its end-to-end encryption and widespread use, to make MFA even more secure and convenient.

Introducing Microsoft Entra ID

Microsoft Entra ID is a cutting-edge solution designed to help deliver OTPs securely to users via WhatsApp. By utilizing WhatsApp’s secure messaging infrastructure, Microsoft aims to provide a more robust and reliable means of receiving MFA text messages. This integration brings several benefits to the table:

  1. Enhanced Security: WhatsApp’s end-to-end encryption ensures that the OTPs are transmitted securely, reducing the risk of interception.
  2. User Convenience: Most people already have WhatsApp on their smartphones, making it a familiar and user-friendly platform for MFA. This reduces the likelihood of users missing or losing OTPs.
  3. Global Reach: WhatsApp is widely used across the globe, ensuring that this MFA solution is accessible to a broad audience.
  4. Reduced Costs: By using WhatsApp, organizations can potentially reduce SMS-related costs, especially for international OTP delivery.

Implementing Microsoft Entra ID

While Microsoft Entra ID promises to revolutionize MFA, organizations need to take steps to implement this solution effectively. The process usually involves configuring the Azure Active Directory and the Microsoft Authenticator app, enabling the integration with WhatsApp, and ensuring that users are properly onboarded to the new MFA system.

License Requirement:

Each user must be licensed with one of the below licenses:

  • M365 F1 or F3
  • Entra ID P1 or P2
  • Enterprise Mobility + Security
  • Office 365 E3 or E5
  • M365 E3 or E5

How to enable:

There is no as such WhatsApp option configuration yet deployed by MS in Azure

  • Login to Entra portal
  • Click on Security
  • Authentication method > Policies > SMS
  • Enable and target the users.


In an era where data breaches and cyberattacks are becoming increasingly prevalent, securing online accounts is of utmost importance. Multi-Factor Authentication is a critical tool in this endeavor, and Microsoft’s Entra ID, with its innovative approach of delivering MFA text messages through WhatsApp, is set to make this security measure more robust and user-friendly.

By leveraging WhatsApp’s secure messaging platform, Entra ID enhances the reliability and security of OTP delivery, offering a practical solution for organizations and users alike. As technology continues to evolve, it’s reassuring to see companies like Microsoft taking steps to stay ahead of the curve in cybersecurity and provide us with the tools we need to protect our digital lives.




Knowledge is not a finite resource to hoard; it’s a boundless treasure that grows when shared.