"Does the backup and restore defy the point of MFA authentication? This process does potentially allow cloning the Authenticator app onto a secondary phone (with or without the primary phone owner's knowledge) and therefore defies the non-repudiation principles. What is the protection for the backup file of the authenticator? Microsoft Authenticator recommends using a "Microsoft Live" account, which is a personal account, plus a TEXT/Call/Email code for authentication. But all those methods will not stop someone from backing up an unlocked phone...
Is there an in-app / server feature to detect two authenticator apps running simultaneously on different phones?
P.S. There was always an option to clone an authenticator if the initial QR code was intercepted. But this was only limited to the onboarding phase. Backup and restore opens an opportunity to get all the accounts cloned."
I've replied to your point in this thread where someone else has raised a similar point:
Cloud backup and recovery for the Microsoft Authenticator app on Android now available - Page 2 - Microsoft Tech Community