Is it possible to apply Microsoft Authenticator passwordless Sign-In MFA to Office/Microsoft 365's native desktop apps (latest versions) so that the user gets prompted with push MFA validation via Microsoft Authenticator on their mobile device, the same as they would using the Office 365 web apps?Assume the applications are being launched from an fully native Azure AD integrated user account on a Windows 10 Business OS platform.

Have you enabled modern authentication?https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide#enable-modern-authentication-for-your-organization

Can Microsoft Authenticator Passwordless Sign-In be applied to Office 365 desktop apps?

Cian Allner
Silver Contributor
Mar 11, 2020
Hi, yes, this should work the same way it does with web apps, all the common Microsoft desktop apps, since around Office 2013 (and mobile ones) understand modern authentication, so when MFA is required when adding your work or school account, MFA will be enforced natively (no need for app passwords). This link goes through registration and overall experience (step 4 and 5 particularly):

https://support.office.com/en-gb/article/use-microsoft-authenticator-with-office-365-1412611f-ad8d-43ab-807c-7965e5155411

How MFA is enforced will vary depending on the licencing, this table has lots more info - Available versions of Azure Multi-Factor Authentication.

With Conditional Access, you get the most control, which is part of Azure AD Premium and comes with Enterprise Mobility + Security, Microsoft 365 Business or Enterprise. Otherwise, for the relevant Office 365 subscriptions (details in the above link), it works as so:

"Azure Multi-Factor Authentication is either enabled or disabled for all users, for all sign-in events. There is no ability to only enable multi-factor authentication for a subset of users, or only under certain scenarios. Management is through the Office 365 portal."
- OneTechBeyond
  Iron Contributor
  Mar 11, 2020
  Cian Allner,
  
  Hmmmm, that was what I suspected but I am still prompted to use App Passwords with my Office desktop apps (running Office 365 desktop apps; all patched to the latest version), with my Microsoft 365 account.
  
  I have Microsoft Authenticator Passwordless Signin working perfectly when logging into portal.office.com and using Office mobile apps (Mac and Android), but for some reason it's not working with Office dekstop apps on my Windows 10 Business client, even under my Azure AD integrated profile.
  
  My license is Microsoft 365, but perhaps the issue may be that I'm not on Microsoft 365 E3/E5? How would I check this?
  - Thijs Lecomte
    Bronze Contributor
    Mar 12, 2020
    Have you enabled modern authentication?
    https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide#enable-modern-authentication-for-your-organization

Forum Discussion

Can Microsoft Authenticator Passwordless Sign-In be applied to Office 365 desktop apps?

Resources