Remove Phone Federated Identity in Azure Entra ID

By iTomationAzure, Identity & Access Management (iAM), User Management

If you’ve opened a user in Microsoft Entra ID (formerly Azure AD) and noticed multiple identities, such as…

  • Phone (federated)

  • Primary UPN

  • onmicrosoft.com identity

Fixing Multiple Identities in Azure AD - 1

…you might run into problems with sign-in, MFA policies, UPN changes, or authentication method registration. One of the most confusing entries is Phone (Federated), which isn’t fully obvious how to remove from the Azure portal UI. Read on to learn more about how to Remove Phone Federated Identity in Azure Entra ID.

If you manage users in Azure AD / Microsoft Entra ID, you may encounter a Phone (Federated) identity alongside a user’s primary UPN/email. This often happens when a user registers for SMS sign-in or self-service phone authentication.

While this identity can sometimes interfere with MFA registration or sign-in methods, the good news is that you can remove it quickly in the Azure portal – no PowerShell or Graph API required.

Why Remove a Phone (Federated) Identity?

A Phone (Federated) identity can cause issues like:

  • Conflicts with MFA or authentication policies

  • Preventing UPN/email changes

  • Confusing multiple sign-in methods for users

Removing the phone login cleans up the identity list and ensures users rely on their primary email/UPN for authentication.

Step 1:  Sign in to the Azure Portal

  1. Go to https://portal.azure.com

  2. Sign in with a Global Administrator or User Administrator account.

Step 2: Open the User Profile

  1. Navigate to Azure Active Directory | Users

  2. Find and select the user with the Phone (Federated) identity.

  3. On the user page, click Authentication methods.

Step 3: Remove the Phone / SMS Login

  1. Under Sign-in methods or Authentication methods, locate the Phone number used for SMS login.

  2. Click Delete or Remove next to the phone number.

  3. Confirm the deletion.

Removing the phone number automatically removes the Phone (Federated) identity.

Step 4: Verify the Identity Removal

  1. Go back to the user’s Identities section.

  2. The Phone (Federated) identity should no longer appear.

  3. Confirm the user can sign in with their primary UPN/email.

Step 5: Optional: Update MFA / Authentication Methods

After removing the phone login:

  • Ask users to register Microsoft Authenticator or another approved MFA method.

  • Ensure they remain compliant with your organization’s authentication policies.

Benefits of This Method

  • Portal-based – no need for Graph API or PowerShell.

  • Safe – only removes the phone; email/UPN remains intact.

  • Immediate – federated phone identity disappears instantly.

Conclusion

Removing a Phone (Federated) identity in Entra ID is quick and straightforward. By deleting the SMS login or phone number from a user’s authentication methods, you clean up multiple identities while keeping the primary sign-in intact. This ensures a simpler, more secure sign-in experience for users and avoids potential MFA or registration conflicts.

Was this helpful? Please comment below!

Leave a Reply

Your email address will not be published. Required fields are marked *