Forum Discussion
Difference between "Microsoft Authenticator" and "Authenticator app" in Security Info
When I visit Security info (https://mysignins.microsoft.com/security-info), I see two different sign-in methods, "Microsoft Authenticator" and "Authenticator app". I have added my Microsoft work acco...
I tried deleting "Microsoft Authenticator", which worked. But after that I did not receive any notifications in the app.
Then I tried deleting the "Authenticator app" entry, which also worked, but after that I was not able to select "Use an app instead" while logging in the browser.
I assume that each entry has its own meaning. When I look at the selection of the default sign-in method there is further explanation:
There are other Authentication apps, and you can also decide which options should be available based on the MFA service settings.
https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx
https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx
- Aren't those settings the obsolete? This is the "old MFA", which should not be used anymore. I have set every user to "Disabled" in the per-user MFA portal. Do the settings there still apply?
- Yes, they are "legacy settings". But still, you can configure settings in there. You should obviously not use per-user MFA. I'm just mentioning the service settings (2nd tab).
- Ok, I am disabling all user accounts, so the per-user MFA is not used any more.
We see a pattern, that users with admin roles have two authenticator apps enabled ("Microsoft Authenticator" and "Authenticator app"). And deleting one or the other prevents passwordless sign-in from functioning.