Home

Azure MFA with Authenitcator App and Touch ID or PIN

%3CLINGO-SUB%20id%3D%22lingo-sub-133878%22%20slang%3D%22en-US%22%3EAzure%20MFA%20with%20Authenitcator%20App%20and%20Touch%20ID%20or%20PIN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-133878%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Emaybe%20I%20am%20blind%20at%20the%20moment%3F%3C%2FP%3E%0A%3CP%3EIf%20you%20have%20a%20look%20at%20the%20App%20Store%20(e.g.%20Apple)%20you%20see%20the%20following%20sentence%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EJust%20approve%20the%20notification%20sent%20to%20the%20Microsoft%20Authenticator%20after%20entering%20your%20username%2C%20and%20provide%20your%20passcode%20or%20TouchID.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%20the%20App%20is%20capable%20of%20asking%20me%20for%20a%20PIN%20or%20Touch%20ID%2C%20but...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECan%20someone%20tell%20me%20if%20and%20maybe%20how%20I%20can%20configure%20Azure%20MFA%20settings%20in%20a%20way%20that%20the%20App%20is%20forced%20to%20ask%20me%20an%20additional%20PIN%3F%20I%20can%20just%20open%20the%20app%20and%20press%20confirm%20but%20I%20would%20like%20that%20the%20users%20are%20asked%20for%20a%20PIN%20to%20confirm%20the%20login%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-133878%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20MFA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-134216%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20MFA%20with%20Authenitcator%20App%20and%20Touch%20ID%20or%20PIN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-134216%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eyes....but.%20We%20have%20some%20discussion%20at%20the%20moment%2C%20because%20we%20are%20dealing%20with%20very%20confidential%20data%3A%20What%20if%20access%20to%20the%20system%20is%20done%20with%20the%20same%20mobile%20device%20on%20which%20also%20the%20Authenticator%20App%20is%20running.%20And%20let's%20assume%20that%20this%20device%20is%20comprimised.%20Saved%20password%20in%20browser%20%2B%20authenticator%20app%20which%20is%20open.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat's%20the%20current%20discussion.%20I%20totally%20agree%20with%20you%20regarding%20usability.%20But%20I%20would%20like%20to%20know%20if%20an%20additional%20PIN%20or%20TouchID%20could%20be%20enforced%2C%20following%20the%20description%20in%20the%20AppStore.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20and%20regards%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERalph%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-134020%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20MFA%20with%20Authenitcator%20App%20and%20Touch%20ID%20or%20PIN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-134020%22%20slang%3D%22en-US%22%3ESo%20you%20want%20a%20PIN%20on%20top%20of%20the%20actual%20mobile%20phone%20PIN%3F%3CBR%20%2F%3EThat%20would%20be%20incredibly%20frustrating%20for%20the%20user%20who%20has%20to%20unlock%20their%20phone%20and%20then%20unlock%20the%20app%20to%20then%20give%20access%20to%20a%20service.%3CBR%20%2F%3EI%20think%20you've%20misread%20the%20line%20in%20the%20app%20description.%20One%20you've%20authenticated%20to%20the%20phone%20you%20can%20then%20approve%20requests.%3C%2FLINGO-BODY%3E
Ralph Göbel
Occasional Contributor

Hi there,

 

maybe I am blind at the moment?

If you have a look at the App Store (e.g. Apple) you see the following sentence:

 

Just approve the notification sent to the Microsoft Authenticator after entering your username, and provide your passcode or TouchID.

 

So the App is capable of asking me for a PIN or Touch ID, but...

 

Can someone tell me if and maybe how I can configure Azure MFA settings in a way that the App is forced to ask me an additional PIN? I can just open the app and press confirm but I would like that the users are asked for a PIN to confirm the login

 

Thanks

2 Replies
So you want a PIN on top of the actual mobile phone PIN?
That would be incredibly frustrating for the user who has to unlock their phone and then unlock the app to then give access to a service.
I think you've misread the line in the app description. One you've authenticated to the phone you can then approve requests.

Hi,

 

yes....but. We have some discussion at the moment, because we are dealing with very confidential data: What if access to the system is done with the same mobile device on which also the Authenticator App is running. And let's assume that this device is comprimised. Saved password in browser + authenticator app which is open.

 

That's the current discussion. I totally agree with you regarding usability. But I would like to know if an additional PIN or TouchID could be enforced, following the description in the AppStore.

 

Thanks and regards

 

Ralph

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies