ERP Today News

Microsoft Is Killing SMS Sign-in Codes. ERP Teams Should Pay Attention

Adam Pitman Senior Editor, ERP Today and SAPinsider
Smartphone displaying a security lock, illustrating Microsoft SMS sign-in changes and ERP identity readiness.

Key Takeaways

Microsoft is phasing out SMS sign-in codes for personal Microsoft accounts, pushing users toward passkeys, Microsoft Authenticator, and verified email.

ERP teams should review personal-account dependencies tied to developer tooling, Power Platform tenants, learning accounts, and sandbox environments.

The change does not affect Entra ID work accounts, but it gives SAP, Oracle, and Microsoft identity teams a practical prompt to test MFA fallbacks and passwordless readiness

The text message containing your sign-in code is on borrowed time. Microsoft has begun phasing out SMS one-time codes for personal Microsoft account sign-in, steering users toward passkeys, Microsoft Authenticator, and verified email.

The change is limited to personal Microsoft accounts and does not affect Microsoft Entra ID work accounts. Still, it carries operational consequences for teams that use Microsoft identity through developer tooling, Power Platform tenants, and learning subscriptions.

What ERP Leaders Need to Figure Out

The notice applies to personal Microsoft accounts, not to Microsoft Entra ID work accounts used for Dynamics 365, Power Platform production tenants, or federated access into SAP or Oracle systems. Scope confusion here leads either to unnecessary panic or a blind spot.

ERP teams may use personal Microsoft accounts for Visual Studio subscriptions, Microsoft Learn certification tracking, and Power Platform developer tenants outside the governed environment. If those accounts are personal Microsoft accounts, they are in scope, and a forced authentication change can interrupt build, test, and enablement work.

The quieter exposure is operational. Teams that have kept SMS as a fallback for shared mailboxes, contractor accounts, or break-glass scenarios may need to test whether those fallbacks still work as Microsoft changes account-level authentication options.

Analysis

What This Means for ERP Insiders

Map the personal account shadow estate. Developer subscriptions, learning accounts, and sandbox tenants tied to individual Microsoft IDs rarely appear in enterprise identity inventories built around Entra ID.

The Migration Questions Facing ERP Teams

Likely areas for review include every Microsoft-identity touchpoint connected to the ERP stack, along with early enrollment of Authenticator or passkeys for affected users.

The less visible Priority is contractor accounts, shared mailboxes, and break-glass credentials that were set up with SMS as the fallback. Those accounts tend not to appear in routine identity audits, and they are often the ones that fail first.

Three planning assumptions follow:

  1. Identity inventories built around Microsoft Entra ID alone can undercount the personal-account dependencies that have accumulated in developer and enablement workflows.
  2. Accounts maintained outside formal IT governance — contractor logins, shared credentials, legacy sandbox tenants — are the most likely to break quietly when SMS stops working.
  3. Enrollment windows typically narrow once Microsoft moves a deprecation from announcement to enforcement — a pattern observed in prior enterprise authentication transitions, though no timeline has been stated for this change.

Analysis

What This Means for ERP Insiders

Treat shared-device workflows as an identity problem. Passkey models assume a trusted personal device, which does not match how shop-floor, field-service, and retail ERP users actually authenticate.

Why This Matters Beyond One Microsoft Policy Change

Some ERP teams may treat this consumer change as a rehearsal for broader passwordless migration. Microsoft has been moving toward phishing-resistant authentication across its entire identity stack for years. The consumer SMS change is the trailing edge of a strategy already visible in Entra ID and Conditional Access policy.

Where Microsoft identity federates into SAP or Oracle systems, the same trajectory may become relevant, even if the timing and mechanics differ by stack.

While, the deprecation is narrow on paper, it signals the direction of travel for enterprise authentication, and the teams that read it that way will be better positioned for what comes.

Analysis

What This Means for ERP Insiders

The most practical takeaway is readiness. ERP teams do not need to rewrite authentication strategy because of one consumer policy change, but they should use it to test where SMS, legacy MFA exceptions, and federated identity dependencies still exist.

About Us

ERP Today covers how ERP, cloud, and AI change the way businesses run. Our editors speak with practitioners, vendors, and analysts to surface the technology, contracts, and risks that matter for enterprise leaders.

Alongside our newsroom coverage, we run in‑person summits where ERP leaders compare notes on programs like yours, and a research practice that turns reporting like this into organization‑specific briefings and content.

YOU MIGHT ALSO LIKE
ServiceNow Knowledge 2026
ERP Today NewsAnalytics and AI
ServiceNow Repositioned Around AI Security and Governance at Knowledge 2026
Dataiku Cobuild on Snowflake
ERP Today NewsAnalytics and AI
Dataiku Launches Cobuild on Snowflake for Governed AI Workflows
SAP Sapphire Madrid
ERP Today NewsAnalytics and AI
SAP Sapphire Madrid: Autonomous Enterprise Pitch Meets Europe’s AI Control Test

Key Topics Discussed

Follow us on LinkedIn for the latest updates