Pricing  Get Quote
 
 
Blog

What is Microsoft Authenticator?

Written by Ashwin KumarMFA2 min read

On this page
  • Understanding Microsoft Authenticator
  • Why do you need Microsoft Authenticator?
  • Verification factors available in Microsoft Authenticator
  • Prerequisites to implement Microsoft Authenticator
  • How does Microsoft Authenticator work?
  • Use Microsoft Authenticator for MFA through ADSelfService Plus
  • People also ask

Understanding Microsoft Authenticator

Microsoft Authenticator is an MFA app for securing online accounts. Launched in 2016 as a TOTP generator, the app has now evolved into an authentication solution for Microsoft 365 and Entra ID environments as well as other major third-party apps. Users can quickly verify their identities in supported apps and services by approving the push notifications sent to the Microsoft Authenticator app.

Microsoft Authenticator also supports all apps and services that use TOTP-based authentication. After registering with the application once, the Microsoft Authenticator app will continuously generate codes that can be used to log in toaccounts without a password.

Why do you need Microsoft Authenticator?

Traditional passwords come with a host of disadvantages, from being easily forgotten to being vulnerable to hacking. Weak or reused passwords can compromise security, while even strong passwords can be susceptible to sophisticated cyberattacks. To address these issues, MFAis widely used as a secure alternative to password-based authentication. Authenticator apps play a crucial role by providing multiple layers of verification, ensuring that even if one factor is compromised,access to accounts is still protected.

Microsoft Authenticator supports MFA for a large suite of applications and services with TOTP-based authentication. However, its mainadvantage over other authenticator apps is its tight integration with Microsoft's solutions, the most prominent being Entra ID. Entra ID is a widely used IAM solution andthe preferred choice for building a cloud-based directory.Using Microsoft Authenticator for passwordless authentication for Entra ID keeps organizations safe against cyberattacks and phishing attempts by a large margin, at no additional cost.

Verification factors available in Microsoft Authenticator

Users can verify their identities through Microsoft Authenticatorin the following ways:

  • Device-based verification
    • Fingerprint verification (Supported in Android devices)
    • Face recognition (Supported in iOS and Android devices)
    • PIN verification (Used in devices that do not support the other two methods)
  • TOTP-based authentication

Prerequisites to implement Microsoft Authenticator

The simplicity of setting up Microsoft Authenticator is one of its main advantages. All that's needed is an Android or iOS device to install the app on.

To use the app forservices that support TOTP authentication, you will need to initiate configuration in the third-party app and scan the QR code displayed using Microsoft Authenticator. Then,Microsoft Authenticator will generate a TOTP for the app.

For setting up passwordless authentication for Microsoft services, you just need to log in to your Microsoft account from the Microsoft Authenticator app. Once done, follow the steps displayed in the app to complete the setup.

How does Microsoft Authenticator work?

Microsoft Authenticator operates by providing a secondary verification method during sign-ins. Here’show it works:

  • Sign-in attempt:You enter your credentials in to a Microsoft or supported service, whichinitiates the verification process.
  • Verification prompt: Microsoft Authenticator sends the sign-in request as a push notification to your registered device.
  • Approval: You approve the sign-in request via the app by verifying your identity using any of the supported device-based verification methods or the TOTP generated by Microsoft Authenticator for the service.
  • Access granted: Once verified, access to the service is granted.

Use Microsoft Authenticator for MFA through ADSelfService Plus

ManageEngine ADSelfService Plus offers adaptive MFA with 20 different authenticators, including Microsoft Authenticator. You can use MFA to protect endpoints, such as on-premises and cloud application logins, computers, VPNs, OWA, and self-service password management tasks. With ADSelfService Plus, customize the MFA authentication process for various user accounts based on their OU and group memberships, allowing you to secure your privileged accounts and activities against cyberthreats.

Secure your organization with passwordless authentication using ADSelfService Plus

People also ask

What is Microsoft Authenticator?

Microsoft Authenticator is a mobile app for MFA that's used to enhance the security of your online accounts. It supports passwordless sign-in for your Microsoft services, using various verification methods to secure access to your accounts, such as biometric verification, TOTPs, and number-matching push notifications.

What resources does Microsoft Authenticator secure?

Microsoft Authenticator secures a wide range of resources, including:

  • Microsoft accounts (e.g., Microsoft 365, Entra ID, Microsoft Defender, and Outlook).
  • Third-party apps and services that support MFA using TOTP that can be linked through QR codes or manual setup.
  • Devices requiring secure access through TOTP verification.

What are the prerequisites to implement Microsoft Authenticator?

To implement Microsoft Authenticator, you'll need:

  • An Android or iOS devicein which the Microsoft Authenticator app can be installed.
  • Apps or services that support authentication using TOTP.
  • A Microsoft account if you wish to secure access to your Microsoft accounts and apps.

Can I use Microsoft Authenticator on desktops?

No, Microsoft Authenticator cannot be installed on desktops and PCs. It can only be installed on iOS and Android devices.

How can I use Microsoft Authenticator?

When you sign in to your non-Microsoft accounts, you will be prompted for a TOTP to be entered on the login screen. You can find this TOTP in the Microsoft Authenticator app, which can be accessed after completing the device verification.

When you sign in to your Microsoft account, you will be prompted to approve the sign-in notification on the Microsoft Authenticator app, where you will use the device verification method that you registered with.

Does Microsoft Authenticator work without an internet connection?

Microsoft Authenticator requires an internet connection to receive verification notifications and for the initial setup of services using TOTP. Once these are set up, TOTP codes can be generated by Microsoft Authenticator without an internet connection.

How do I set up Microsoft Authenticator?

To set up Microsoft Authenticator for your personal accounts:

  • Download the Microsoft Authenticator app on your device.
  • Add a supported service in the app manually or by scanning the QR code shown when setting up TOTP authentication.

To set up Microsoft Authenticator for your users in Microsoft 365, you can add it as a verification method when setting upEntra ID MFA

 

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust
Email Download Link