On November 10th, 2020, Microsoft wrote an article outlining the dangers of using Phone-based Multi-Factor Authentication (MFA). They include both phone calls and SMS messages as dangerous due to the lack of security in the global phone system.

This is the latest in a series of changes recommending and now urging organizations like the City to move away from phone calls and text messages. The recommendation is to move to no-cost authentication applications like Microsoft Authenticator and Google Authenticator.

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752