Merge pull request #228302 from garrodonnell/godonnell-update-phone-based-mfa

prmerger-automator[bot] · web-flow · commit 5bb5ea18fdb4 · 2023-02-27T10:27:26.000Z
[B2C][Update] Adding recommendation for TOTP to Securing phone-based multi-factor authentication (MFA)
diff --git a/articles/active-directory-b2c/phone-based-mfa.md b/articles/active-directory-b2c/phone-based-mfa.md
@@ -18,6 +18,9 @@ ms.subservice: B2C
 
 With Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA), users can choose to receive an automated voice call at a phone number they register for verification. Malicious users could take advantage of this method by creating multiple accounts and placing phone calls without completing the MFA registration process. These numerous failed sign-ups could exhaust the allowed sign-up attempts, preventing other users from signing up for new accounts in your Azure AD B2C tenant. To help protect against these attacks, you can use Azure Monitor to monitor phone authentication failures and mitigate fraudulent sign-ups.
 
+> [!IMPORTANT]
+> Authenticator app (TOTP) provides stronger security than SMS/Phone multi-factor authentication. To set this up please read our instructions for [enabling multi-factor authentication in Azure Active Directory B2C](multi-factor-authentication.md).
+
 ## Prerequisites
 
 Before you begin, create a [Log Analytics workspace](azure-monitor.md).
