I'm using a default Sign in policy v2 with MFA and a password reset built-in. The MFA has worked with SMS text message, and this works properly. Yesterday while testing, I suddenly got a QR code challenge during signing in asking me to "use the authenticator app" to scan a code.
Apart from this being fantastic news (I really love the authenticator-way of 2FA) I'm wondering whether I'm part of an A/B test, or whether this is a setting that I can change accross my b2c tenant? Ideally I want all my users to use the authenticator app for 2FA.
- No custom policy (all default)
- 2FA mandatory (which triggers SMS)
