nbp33 (nbp33) asked a question.
What Happens when I turn off an MFA type?
With the hacks that exist for spoofing mobile numbers, SMS as a second factor is looking less secure. It also doesn't work well when traveling abroad or when one doesn't have cell service. So, I'm wondering what will happen if/when I disable SMS as a second factor. Will users be able to continue using their SMS codes until they enroll their next phone? Will they be locked out when they try to log in from off-net? Or will they just be prompted to enroll a new factor when they next try to log in?
The short answer is that users will be prompted to enrol a new factor when they are next challenged for one. Assuming that they don't already have another factor enrolled. If another factor is already enrolled, the user will prompted for that one.
The actual behaviour here is dependent on several other settings such as whether the user is prompted for a second factor every time they log in, or at an interval. You also need to remove SMS from any factor policies you have, before you can disable it as an option.