Multifactor authentication via SMS is vulnerable to bot attacks, potentially leading to high costs from automated account creations. To mitigate risks, it's recommended to disable SMS MFA, implement stronger bot protection, or disable sign-ups. If attacked, quickly identify and delete bot-created accounts using Azure portal and PowerShell scripts to manage user identities.
[HOWTO] Change UPN/username of user in AAD B2C
To test a certain use case in the context of integrating an application with AAD B2C, I wanted to change the User Principal Name (UPN) of a user. The UPN corresponds to the username and email address of a user. First, I tried changing the UPN directly through the Azure Portal by switching...
[HOWTO] Handle AAD B2C Password Reset for Legacy Sign up and Sign in User Flow
If you have an Azure Active Directory B2C (AAD B2C) tenant with a user flow of type Sign up and sign in (Preview v2 legacy), the self-service password reset experience cannot be enabled on that user flow. Regardless of this, the Forgot your password? option is still shown to users on the login screen: But...