How to solve problems related to phone numbers in Azure Active Directory
You encounter one or both of the following problems:
- When trying to enter a user’s phone number in Azure Active Directory, you get the error message:
Invalid phone number format. Example input: +1 2223334444
- You have a hybrid environment. You entered a phone number in your on-premises Active Directory without the country code, but when the phone number is inserted into your email signature, a country code is added.
Neither of the situations mentioned above is related to CodeTwo software. Instead, they occur because of the specific way in which Microsoft solutions handle phone numbers. Problems like these may occur if you have multi-factor authentication (MFA) and/or self-service password reset (SSPR) enabled in your organization and these services are set up to use the user’s phone number for authentication. In the paragraphs below, we explain what happens in more detail.
- Invalid phone number error message
- Country code added to phone number in email signatures
- Phone number in the Authentication methods page
In the case of the invalid phone number error message, a specific phone number format is required for Microsoft services to work correctly. Azure Active Directory will enforce the use of a correct phone number consisting of a country code, a space, and the rest of the phone number provided without spaces:
The phone number restriction is built into the Azure portal. It is enforced when any functionality using the mobile phone field in Azure AD is active. If that’s the case, the number has to be provided in the specified format.
The country code may be added to phone numbers in email signatures in a hybrid environment, which includes Microsoft 365 (with Azure AD) and an on-premises Active Directory that stores user profile information. If any service requiring the phone number (e.g. MFA, SSPR) is active in Microsoft 365, Azure Active Directory becomes the source of this phone number and the on-premises Active Directory mobile phone field is no longer synchronized.
In that case, the phone number in Azure Active Directory must consist of a country code, a space and the rest of the phone number provided without spaces:
If MFA or SSPR is enabled for the given user and a telephone number is used for sending authentication messages, Azure Active Directory will enforce a specific format of that phone number when entering it in the Authentication methods page. It will have to consist of a country code, a space and the rest of the phone number provided without spaces:
If the format is incorrect, an error message will be displayed as shown in Fig. 1.
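The format rule described above, as an added example (not CodeTwo's or Microsoft's code): a PowerShell check that flags mobile numbers that do not match it before they are entered in Azure AD for MFA or SSPR. The regular expression, the function name Test-AadPhoneFormat and the sample users are assumptions made for illustration.

```powershell
# Added example. The pattern encodes the rule as this article words it:
# "+", country code, one space, then the rest of the number without spaces.
# Assumption: the country code is 1-3 digits (ITU-T E.164). The exact check
# performed by the Azure portal is not given in the article.
$RequiredFormat = '^\+[0-9]{1,3} [0-9]+$'

function Test-AadPhoneFormat {
    # Hypothetical helper: returns 'OK' or the reason the value would not
    # fit the format described in the article.
    param([string]$Number)

    if ([string]::IsNullOrWhiteSpace($Number)) { return 'Empty' }
    if ($Number -match $RequiredFormat)        { return 'OK' }
    if ($Number -notmatch '^\+')               { return 'Missing + and country code' }
    if ($Number -match '^\+[0-9]+$')           { return 'No space after country code' }
    if ($Number -match '^\+[0-9]{1,3} .*[^0-9]') {
        return 'Spaces or separators in the rest of the number'
    }
    return 'Other format problem'
}

# Constructed sample data standing in for an export of the on-premises
# "mobile" attribute. User names and numbers are made up; the first number
# is the example input quoted in the error message.
$users = @(
    [pscustomobject]@{ User = 'user1@example.com'; Mobile = '+1 2223334444' }
    [pscustomobject]@{ User = 'user2@example.com'; Mobile = '2223334444' }
    [pscustomobject]@{ User = 'user3@example.com'; Mobile = '+12223334444' }
    [pscustomobject]@{ User = 'user4@example.com'; Mobile = '+1 222 333 4444' }
    [pscustomobject]@{ User = 'user5@example.com'; Mobile = '+1 (222) 333-4444' }
    [pscustomobject]@{ User = 'user6@example.com'; Mobile = '' }
)

# Report every user with the verdict for the stored number.
$users | ForEach-Object {
    [pscustomobject]@{
        User   = $_.User
        Mobile = $_.Mobile
        Result = Test-AadPhoneFormat -Number $_.Mobile
    }
} | Format-Table -AutoSize
```

Only the first sample row is reported as OK; the others show the reason the value would need to be corrected before it can be used as an authentication phone number.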