Entra ID (previously Azure) has introduced a new multifactor authentication method via WhatsApp, and it’s important to be aware of this to avoid mistakenly flagging legitimate WhatsApp texts as phishing attacks. Microsoft recently announced that WhatsApp will become one of the preferred messaging apps for multifactor authentication. However, this feature will be initially available only in specific regions. These regions include India, Indonesia, and New Zealand. Users from these countries will have the option to authenticate themselves through WhatsApp starting from September 2023.
It’s worth saying that only users who can receive multifactor authentication text messages and already have WhatsApp installed on their phones will be able to use this functionality. The rollout should begin around mid-October, with further expansion taking more time.
Concerns about Entra ID multifactor authentication potentially being mistaken for a phishing attack have been considered by Microsoft. They will label their messages on WhatsApp with a verified checkmark to ensure authenticity. Microsoft recommends that organizations in India, Indonesia, and New Zealand should inform their employees about this upcoming change.
Furthermore, Entra ID is planning to extend the usage of WhatsApp as an authentication method to other regions, starting in October or November.