Forum Discussion
Solved
Azure MFA and NIST requirements
Hi there, I am currently involved in a SharePoint project dealing with high security requirements and I have some problems matching NIST requirements with Azure MFA ways to authenticate. NIST 80...
I'm afraid I'm far from an expert in this realm, but I believe that the Authenticator app can function as an OTP and an out-of-band device. It functions in OTP mode when you have it setup to give you a one-time code each time you need to log in, and it functions in out-of-band mode when you have it set up to send the user a prompt via Authenticator that they must respond to in order to complete sign in. Hopefully this at least helps a bit Ralph!
I'm afraid I'm far from an expert in this realm, but I believe that the Authenticator app can function as an OTP and an out-of-band device. It functions in OTP mode when you have it setup to give you a one-time code each time you need to log in, and it functions in out-of-band mode when you have it set up to send the user a prompt via Authenticator that they must respond to in order to complete sign in. Hopefully this at least helps a bit Ralph!
Hi Grant,
sorry for delay in reply and thank you very much for sharing your thoughts. I think the idea is not to enable e.g. SMS as authentication method, but only codes inside the authenticator app. This will be considered as out of band, even user tries to access services from the same device.
Thanks and regards!
Ralph
No worries at all! I believe you are correct about that, the Authenticator prompt seems to be the preferred method going forward. There have been some security issues around the global telecom system that manages SMS, so most companies seem to be trying to discourage anyone from using that method anymore if possible.