Merge pull request #310738 from bernawy/patch-68

prmerger-automator[bot] · web-flow · commit 988a6c4f44a0 · 2026-01-23T21:54:19.000Z
Improve clarity in phone-based MFA guide
diff --git a/articles/active-directory-b2c/phone-based-mfa.md b/articles/active-directory-b2c/phone-based-mfa.md
@@ -7,7 +7,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 11/05/2025
+ms.date: 1/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: sfi-image-nochange
@@ -123,22 +123,29 @@ To help prevent fraudulent sign-ups, remove any country/region codes that do not
     <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
     <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
+      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
+      PolicySchemaVersion="0.3.0.0"
+      TenantId="yourtenant.onmicrosoft.com"
+      PolicyId="B2C_1A_signup_signin"
+      PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
     
       <BasePolicy>
         <TenantId>yourtenant.onmicrosoft.com</TenantId>
         <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
       </BasePolicy>
-    
+
+      <!-- Add this BuildingBlocks section to the relying party policy. -->
       <BuildingBlocks>
-         <!-- Add the XML code outlined in Step 2 if this section. -->
+         <!-- Add the XML code outlined in Step 2 in this section. -->
       </BuildingBlocks>
     
       <RelyingParty>
         ...
       </RelyingParty>
     </TrustFrameworkPolicy>
     ```
+> [!IMPORTANT]
+>Add the code in step 2 to the _relying party policy_ to enforce country/region code restrictions on the server side. You must not define these elements only in parent policies; put them in the relying party policy.
 
 1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country/region codes relevant to your organization:
 
@@ -178,11 +185,8 @@ To help prevent fraudulent sign-ups, remove any country/region codes that do not
    
     The countryList acts as an allow list. Only the countries/regions you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries/regions are blocked.
 
-  > [!IMPORTANT]
-  > This code must be added to the relying party policy to ensure the country/region code restrictions are properly enforced on the server side. 
+
 
 ## Related content
 
 - Learn about [Identity Protection and Conditional Access for Azure AD B2C](conditional-access-identity-protection-overview.md) 
-
-- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)
