Forum Discussion
Microsoft Authenticator on Apple Watch
According to this article:
https://support.microsoft.com/en-us/account-billing/common-questions-about-the-microsoft-authenticator-app-12d283d1-bcef-4875-9ae5-ac360e2945dd
The Microsoft Authenticator app is being discontinued on Apple Watch. I find this very disappointing. I used it many times per day. Yes, it was a bit buggy and unreliable, but it sure was better than picking up my phone every time! Please keep supporting the Watch app!
41 Replies
As a Help Desk tech, I authenticate to many services each day. Being able to tap "Approve" on my watch makes the login flow much easier than "pull out phone, faceID to phone, open Authenticator app, faceID again, then tap approve". I've also been getting users moved over from SMS to Microsoft Authenticator and touting the convenience of "just tapping approve on your watch" as compared to getting an SMS or call and entering a code.
If I can't use the Authenticator app, I'll just need to set up a third-party TOTP app that I can sync to my watch for ease of access.
Just hopping on to echo the other sentiment in this thread - removing this feature is a major step backwards and a huge disappointment. As a Systems Engineer, I used this feature several dozen times a day. It offered an excellent blend of security and convenience. I hope Microsoft revisits this decision.
I just posted to the Microsoft Azure feedback community. Please vote to keep the watchOS companion app https://feedback.azure.com/d365community/idea/2a6e7475-859f-ed11-a81b-6045bd8615b0.
The only explanation I can find for dropping support for the companion app for watchOS is that it’s "due to it being incompatible with Authenticator security features." The only place I can find this in Microsoft's documentation is in the https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match#apple-watch-supported-for-microsoft-authenticator article. In that article, it says that Microsoft will enforce the number match experience tenant-wide for all users starting February 27, 2023. Because of the similar timeframe, it's likely this feature that is incompatible. Further evidence of that is in Microsoft's response to a post in the New Microsoft Authenticator security features are now available! article: "Additional Context preview is supported for Apple Watch. However, if the user has Number Matching enabled, they will be unable to use the Apple Watch for authentication. We are working with Apple to address this limitation."
I don't understand why this can't be resolved since a similar number matching feature is working with Microsoft personal accounts. In fact, it's how I authenticated before writing this post. The only difference I see is that I'm prompted to choose one of three numbers when using my Microsoft account while the Azure AD number matching feature requires entering the number. Apple Watch allows entering numbers several ways so I don't see why this would be a limiting factor.
If number matching is the issue, I hope Microsoft will give admins the option to have users select one of x numbers instead of entering a number so that the watchOS companion app can continue to work, at least until the incompatibilities can be resolved.
Some people cannot use their phones for Microsoft Authenticator. There are certain situations where phones with cameras are not allowed. So, the phone is secured and an Apple Watch is used to respond to MFA push notifications.
If support for Apple Watch is removed, it can mean a significant expense for organizations and particularly for contractors that don’t get phones provided to them. It means switching to an Android phone with no camera, most of which are expensive rugged models, or trying to find some other watch that will continue to support Microsoft Authenticator and work with iPhones, if there is such a watch. It can also mean the expense of another monthly phone bill.
Please consider the impact that this will have, particularly with such short notice.
- What's the situation with this. As the notification that support is discontinued is not shown anymore and this seems to work just fine.
- I’m also replying to this thread to express my anger that Microsoft are removing the best feature of their Authenticator app in the Apple space. The watch-face is the perfect place to see the approve/reject buttons when logging into an MS service - who wants to get their phone out every time?!!
Let’s hope they hear their customer voices and relent 🤞WaynePlummer Yes agreed this is a major step backward for MFA ease of use, and poorly justified based on the little information released. Let's hope it is reconsidered for the benefit of customers.
- Just jumping in to keep this thread alive. I hope MS revisits this decision - I find the ability to authenticate on my watch a huge benefit.
- this is very unfortunate and has a major impact on our company. I don't understand microsoft how they simply switch off such a great function. Technically and user-friendly simply incomprehensible.
Extremely bad move on Microsoft's behalf and totally useless. Just fix the issue you have with Face ID and use the standard bypass of this request when the watch is worn and unlocked... Seriously, this is a really bad move.
This is one of the most disappointing announcements to come out of Microsoft - it was a killer feature of the AzureAD/Authenticator combo and something I relied on and promoted heavily as part of rolling it out - and was much loved by those who used it!
I remain hopeful that this is reconsidered - for those that have deployed such solutions it was a really great way to show how frictionless MFA can be…
