Anyway we can get a full phone number for an userName instead of masked phone with only the last 4 numbers?
Hi @Ravi_Akkiraju ,
The attacker can make Auth API calls to retrieve the phone number for any user – however all but the last four digits are obfuscated (example: XXX-XXX-1234). This is limited risk, but phone numbers are sometimes considered sensitive information.
From an administrative perspective, you can use the Admin API to view a Duo user’s entire phone number.
Hope this helps!