Knowledge Base

How to solve problems related to phone numbers in Azure Active Directory

Problem:

You encounter one or both of the following problems:

  1. When trying to enter a user’s phone number in Azure Active Directory, you get the error message:
Invalid phone number format. Example input: +1 2223334444
  1. You have a hybrid environment. You entered a phone number in your on-premises Active Directory without the country code, but when the phone number is inserted into your email signature, a country code is added.

Solution:

Both situations mentioned above are not related to CodeTwo software. Instead, they occur because of the specific way in which Microsoft solutions handle phone numbers. A problem like these may occur if you have Multi Factor Authentication (MFA) and/or self-service password reset (SSPR) enabled in your organization and if you set up to use the user’s phone number for authentication. In the paragraphs below, we explain what happens in more detail.

Invalid phone number error message

In this case, a specific phone number format is required for Microsoft services to work correctly. Azure Active Directory will enforce the use of a correct phone number consisting of a country code, a space, and the rest of the phone number provided without spaces:

+1 2223334445

The phone number restriction is built into the Azure portal. It is enforced when any functionality using the mobile phone field in the Azure AD is active. If that’s the case, the number has to be provided in the specified format.

Country code added to a phone number in email signatures

This situation may occur in a hybrid environment, which includes Microsoft 365 (with Azure AD) and an on-premises Active Directory that stores user profile information. If any service requiring the phone number is active (e.g. MFA, SSPR) in Microsoft 365, Azure Active Directory becomes the source of this phone number and the on-premises Active Directory mobile phone field is no longer synchronized.

In that case, the phone number in Azure Active Directory must consist of a country code, a space and the rest of the phone number provided without spaces:

+1 2223334445

Phone number in the Authentication methods page

If MFA or SSPR is enabled for the given user and a telephone number is used for sending authentication messages, Azure Active Directory will enforce a specific format of that phone number when entering it in the Authentication methods page. It will have to consist of a country code, a space and the rest of the phone number provided without spaces:

+1 2223334445

If the format is incorrect, an error message will be displayed as shown in Fig. 1.

Invalid phone number error in Azure AD Authentication methods page.
Fig. 1. Invalid phone number error in Azure AD Authentication methods page.

Was this information useful?