> For the complete documentation index, see [llms.txt](https://docs.realmjoin.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.realmjoin.com/automation/runbooks/runbook-references/user/security/set-or-remove-mobile-phone-mfa.md). # Set Or Remove Mobile Phone Mfa ### Description Adds, updates, or removes the user's mobile phone authentication method. This runbook manages phone numbers as regular MFA factors (call/text verification). Important: The Microsoft Graph phoneMethods API does not offer a way to add a phone number as "MFA only" without triggering an automatic SMS Sign-In registration attempt. If the user is enabled by the tenant's Authentication Methods Policy for SMS Sign-In, Graph will automatically try to register the number for SMS Sign-In after creating or updating the phone method. If the number is already used by another user for SMS Sign-In, Graph returns a 409 Conflict with error code "phoneNumberNotUnique". However, the phone method itself (for regular MFA) is typically created or updated successfully despite this error. The smsSignInState property is read-only and cannot be controlled via the create/update request. SMS Sign-In can only be explicitly managed via the separate enableSmsSignIn and disableSmsSignIn endpoints. This runbook verifies the actual state after such errors and reports success if the MFA method was assigned, with a warning about the SMS Sign-In conflict. If the assignment truly failed, it searches for the user holding the number. ### Location User → Security → Set Or Remove Mobile Phone Mfa **Full Runbook name** rjgit-user\_security\_set-or-remove-mobile-phone-mfa ### Permissions #### Application permissions * **Type**: Microsoft Graph * AuditLog.Read.All * User.Read.All * UserAuthenticationMethod.ReadWrite.All * Mail.Send ### Parameters #### UserId Object ID of the target user. | Property | Value | | ------------- | ------ | | Required | true | | Default Value | | | Type | String | #### phoneNumber Mobile phone number in international E.164 format (e.g., +491701234567). | Property | Value | | ------------- | ------ | | Required | true | | Default Value | | | Type | String | #### Remove "Set/Update Mobile Phone MFA Method" (final value: $false) or "Remove Mobile Phone MFA Method" (final value: $true) can be selected as action to perform. If set to true, the runbook will remove the mobile phone MFA method for the user. If set to false, it will add or update the mobile phone MFA method with the provided phone number. | Property | Value | | ------------- | ------- | | Required | false | | Default Value | False | | Type | Boolean | #### NotifyUser When enabled, sends a notification email to the target user informing them that their mobile phone MFA method was added or removed by an administrator. Default is disabled. | Property | Value | | ------------- | ------- | | Required | false | | Default Value | False | | Type | Boolean | #### EmailFrom Sender email address for the optional notification mail. Sourced from the RealmJoin tenant setting RJReport.EmailSender. | Property | Value | | ------------- | ------ | | Required | false | | Default Value | | | Type | String | #### ServiceDeskDisplayName Service Desk display name for user contact information (optional). Sourced from the RealmJoin tenant setting RJReport.ServiceDesk\_DisplayName. | Property | Value | | ------------- | ------ | | Required | false | | Default Value | | | Type | String | #### ServiceDeskEmail Service Desk email address for user contact information (optional). Sourced from the RealmJoin tenant setting RJReport.ServiceDesk\_EMail. | Property | Value | | ------------- | ------ | | Required | false | | Default Value | | | Type | String | #### ServiceDeskPhone Service Desk phone number for user contact information (optional). Sourced from the RealmJoin tenant setting RJReport.ServiceDesk\_Phone. | Property | Value | | ------------- | ------ | | Required | false | | Default Value | | | Type | String | #### LanguageOverride Overrides the language used for the notification email. Accepted values are 'DE' (German) or 'EN' (English). If left empty, the language is determined automatically based on the target user's usage location. | Property | Value | | ------------- | ------ | | Required | false | | Default Value | | | Type | String | [Back to Runbook Reference overview](/automation/runbooks/runbook-references.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.realmjoin.com/automation/runbooks/runbook-references/user/security/set-or-remove-mobile-phone-mfa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.