{"id":2432,"date":"2026-03-09T07:42:45","date_gmt":"2026-03-09T14:42:45","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/identity\/?p=2432"},"modified":"2026-03-09T21:13:50","modified_gmt":"2026-03-10T04:13:50","slug":"native-auth-mfa-ga","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/identity\/native-auth-mfa-ga\/","title":{"rendered":"General Availability: Email and SMS OTP as Second\u2011Factor MFA for Native Authentication in Entra External ID"},"content":{"rendered":"

Today we\u2019re announcing the general availability of Email and SMS one\u2011time passcode (OTP) as second\u2011factor MFA for Native Authentication in Microsoft Entra External ID. This enables developers to add step\u2011up security to native sign\u2011in and sign\u2011up flows while keeping users fully inside their applications.<\/p>\n

This release focuses exclusively on MFA as a second factor, evaluated after first\u2011factor authentication completes, and is enforced through Microsoft Entra Conditional Access.<\/p>\n

Get Started with Native Authentication<\/a><\/div><\/p>\n

Clarifying first factor vs. second factor<\/h2>\n

Native Authentication in Entra External ID supports distinct authentication stages, allowing developers to layer security only when needed.<\/p>\n

Second\u2011factor MFA is commonly required:<\/p>\n\n\n\n\n\n\n
Authentication stage<\/th>\nWhat\u2019s supported<\/th>\n<\/tr>\n<\/thead>\n
First factor<\/td>\nEmail OTP; Email + password (with SSPR)<\/td>\n<\/tr>\n
Second factor (GA)<\/td>\nEmail OTP; SMS OTP<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Second\u2011factor MFA is evaluated only after first\u2011factor authentication succeeds, enabling step\u2011up security without adding friction to every sign\u2011in.<\/p>\n

Why second\u2011factor MFA matters for native apps<\/h2>\n

Consumer and external\u2011facing applications increasingly require stronger assurance without sacrificing user experience.<\/p>\n