Blog Post

Microsoft 365 Blog
2 MIN READ

Easily sign-in to all Microsoft accounts using the Outlook app

Shivani_Gupta's avatar
Shivani_Gupta
Icon for Microsoft rankMicrosoft
Apr 08, 2024

Now you can use Outlook for Android as a sign-in verification method for your Microsoft apps and services. 

We know how much of a hassle it is to use and manage passwords for your personal accounts. In addition, passwords and even easy to use sign-in methods like SMS messaging leave accounts vulnerable to attack. That's why we are excited to announce that now you can use the Outlook app to sign in to your Microsoft services, such as Microsoft 365, OneDrive, Teams, and Windows, in a secure and convenient way.  

 

With Outlook sign-in verification, you don't need to remember or type any passwords or use a onetime SMS code, you can simply use the Outlook app plus a biometric or PIN to approve a sign-in on your phone. This sign-in verification functionality will be automatically enabled when you use the latest version of the Outlook app.   

 

Figure 1 Auto enabled when user opens Outlook app on Android

 

The next time you sign in on to your Microsoft account on any device, you will be prompted to approve sign-in request using Outlook on your Android phone. The notification will show a number matching prompt, followed by biometric or PIN verification. 

 Figure 2 Sign-in using Outlook Android app

Figure 2 Sign-in using Outlook Android app

 

 

Note that if you already have Microsoft Authenticator configured on your phone, you can continue to use it to sign in.  

 

Support and Resources 

To learn more about the new Outlook sign-in verification feature for Microsoft account and for support, click here.  We are rolling this out to all Outlook Android users. Support for Outlook on iOS is on the roadmap, and we will share more details at a future date.  

 

We hope you enjoy this new, more convenient way to sign in, and, as always, please let us know of any questions or feedback by leaving comments down below.

 

On behalf of Outlook and Microsoft account teams,

  

Shivani Gupta 

Product Manager 

Microsoft Identity  

 

 

Updated Apr 09, 2024
Version 4.0
  • Tom_S's avatar
    Tom_S
    Brass Contributor

    NVader20001500 Shivani_Gupta 

    My objection to the mixing of messaging and security functionality within Outlook Mobile stands whether it is a work or personal account.  

     

    Integrating SMS in Outlook Mobile Lite could be a good move and is within the messaging / communication domain.  I reiterate Authentication is a different skill domain and doesn't belong in a messaging application.  At least let the groups responsible for the newfound emphasis on security at Microsoft have a look and review the concept and execution.

  • wtfmsft111's avatar
    wtfmsft111
    Copper Contributor

    I have a user with a Microsoft Business Standard license that received this prompt - on their work account.

    This user has an iPhone and does not have the Authenticator app installed.

  • joethewolfe If you don't have Android phone or tablet, you can continue to use password to sign-in. If you have Android device and get enrolled to receive sign in request, you can go back to using passwords by clicking on "Use your password instead". If you still don't see an option to use passwords, please reach out to support, seems there is another issue. You always have option to change what you prefer to use - Using Microsoft mobile apps to sign in - Microsoft Support.

    Also, read this about passwords - Your Pa$$word doesn't matter - Microsoft Community Hub. 

     

  • joethewolfe's avatar
    joethewolfe
    Copper Contributor

    I do not have an android phone and I do not always have my android tablet with me when I need to log into email via computer.  I was not provided an option to log into my email via password.  Springing this change on people without warning or options is nonsense.  I will need to find a different email platform.

  • JonasBack's avatar
    JonasBack
    Steel Contributor

    What is the plan for Work Accounts? I assume it will be possible to disable/enable just like you could turn off MFA in Outlook app aka Authenticator Lite.

  • TIGOS1465's avatar
    TIGOS1465
    Copper Contributor

    I agree with TOM S.

     

    Dont mix things, this is not the way IT want for users in enterprise environment.

     

    This is risky!

  • standard_duck's avatar
    standard_duck
    Copper Contributor

    Is this rolling out/applying to Enterprise orgs/tenants, or just personal accounts? If it's going to be rolling out for all, is there a way to centrally disable the functionality? This seems similar to the "Authenticator on Companion Apps" functionality, so I'm curious how this is different and/or applies to Enterprise orgs.

  • Tom_S's avatar
    Tom_S
    Brass Contributor

    It is not appropriate for Outlook to be handling authentication prompts.  

    The domain of Outlook is messages (mail and Teams chat), calendar, and tasks.  Each of those is hard enough, especially with the embedded elements of html messaging, and various protocol parsing, e.g. iCal.  

    Password-less authentication, TOTP, as well as credential synchronization are the domain of Microsoft Authenticator.  A few things it does very reasonably well.

     

    Different threat models, different analysis and coding skills, different consequences in case of failure, different update cycles and deferral priorities.  Just because one may receive SMS codes in an SMS app or one-time codes in email, doesn't make either of those a security first tool like a password vault.  I can defer a mail client update depending on known issue impact.  Much different evaluation for authentication tools.

     

    Better to figure out a way for Outlook to safely invoke any separate authenticator and provide a policy to turn this flawed idea off.  

     

    Promoting password-less auth is good.  This way is not.