Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Update to the Microsoft Authenticator app now rolling out
Published Mar 04 2020 09:00 AM 35.5K Views

Howdy folks,

 

I’m excited to announce that a new feature for the Microsoft Authenticator app allows you to change your password, update your security information, and view your recent account activity for your personal Microsoft accounts.

 

The Microsoft Authenticator app keeps you informed about what’s going on with your account, by sending security notifications to your personal Microsoft account—making it easy for you to manage your account. This update provides you with even more options.

 

Starting today, we’re rolling out this update to iOS TestFlight, and we’ll be slowly rolling out to all users over the next few weeks. The update will come to Android later this year. You can download the Microsoft Authenticator app if you haven’t already done so. (Note: You’ll need iOS, version 6.4.0 to try out the refreshed app.)

 

Additional Account Options

As part of our commitment to continually improve our customer experiences, we revamped the UX of how accounts are represented in the Microsoft Authenticator app. We heard from customers that staying informed about your account security should be simple and seamless, and we’ve been listening.

 

Now, each of your accounts expand into a full screen view, where you’ll see more options pertaining to that account. The goal is to make it easy for you to take action if your account gets compromised and to stay aware of your account security so you don’t get locked out.

 

Authenticator App.png

 

Note: We’ve received a few questions about whether or not account management options are available for Azure AD account. At this time these features are only available for Microsoft accounts. We are working to make them available for Azure AD as well, but before we turn them on, we want to make sure IT admins can choose which options are available in the app. We don’t have a firm date for when that will be available yet, but hopefully it won’t be long now.

 

Check out our FAQs page for more details. We always love to hear your feedback and suggestions and look forward to hearing from you! Let us know what you think in the comments below or reach out to us on Twitter @Alex_A_Simons or @Olena_Huang.

 

Best regards,

 

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

 

33 Comments
Brass Contributor

The app is great, I hope you'll make good progress on getting this to Office 365 accounts as well.

 

You should really work on making the app more friendly when using a lot of accounts. I currently have 28 accounts registered (AAD/M365, Live + a load of regular OTP accounts), and there's a lot of scrolling, searching and expanding accounts when signing into accounts. It should be possible to color code the accounts, and to zoom into the one you want quickly.

Microsoft

@faffe Thanks for the feedback. We definitely hear you. I'm sure it can be difficult with 28 accounts since our app isn't built to optimize that scenario (right now, most of our users have 1 or 2 accounts). Things are always changing and people are adding more and more accounts, so we're definitely thinking about how to improve the app experience for many accounts going forward.

@Olena Huang and @Alex Simons (AZURE) Keep up the Good work on this Authenticator App :cool:
I got now 16 accounts and rising.

Brass Contributor

ohh noooo, I have to wait because I'm on Android ;)

Microsoft

Great news !!! I love this app!! Essential for security !!

Copper Contributor

How can I get in the iOS TestFlight?

Iron Contributor

It's good to see that the app is continuing to get updates.  A few minor "asks" would be to give us the ability to mark accounts as favorites so they bubble up to the top.  Also, give us the option to sort the list.  For those of us who have many accounts, it always puts new ones at the bottom.  We then have to manually move/sort them.  Finally, it would be great to have an easier way to backup the accounts to onedrive for business or something within azure.  When dealing with many users, it's a challenge to get them to sign up for a free outlook.com account which would only be used for backups.  It adds more work to my plate and many forget their passwords since it's something they don't often use.   These 3 things would make it way easier for us admins that have to help users with the app.  Thanks again.

Microsoft

@David Wanderer Thanks for the feedback! We hear you, and we know the app isn't optimized for many accounts yet (most of our users only have 1-2 accounts in the app). But going forward, since we know people are adding more and more accounts, we want to improve the experience for many accounts. We're also evaluating how we can improve our backup feature.

Microsoft

@CYoung5 I just privately messaged you with instructions on joining TestFlight. Thanks!

Copper Contributor

FYI Having 20-30 accounts is a norm for any developer or MSP/CSP partner. The Azure Portal handles this multi-account scenario nicely and elegantly. Why don't you? Your simplification and one-account assumption does not help users, but leads to confusion and frustration.

Hi Alexander,

 

The limitation is actually in the device registration process - Azure AD currently supports only one user per registered device.

The Authenticator team wanted to support multiple accounts, but ran into this blocker. We are working to address so you can use multiple accounts.  

Best regards

Alex Simons

CVP Identity Program Management

Copper Contributor
Hi Alex,
Thanks for the explanation.
 
I would like to add this - my comment was not only about UX on mobile devices, but rather about UX with various Microsoft portals. Plus, not only about login dialogs, but also about problems with SSO and multiple accounts in many of these portals.
 
This is a brief summary of my experience working with MS portals.
 
The best user experience (UX) is provided by the Azure Portal.
The Azure Portal has 3 very useful features that I think should be provided by any web portal. Look at the “SSO control” (my name, for the lack of better name) that is available in the top-right corner of the portal:
 
1). it shows me my current who-I-am info, including my email and Azure AD tenant name – very useful, help to avoid confusion when I am working with multiple Azure subscriptions.
2). it allows me to switch directory – as an admin and MSP, I am entitled to work with multiple tenants (normally about 20-30, about half-a-dozen per customer).
3). is allows me to sign in with a different account (any IT person has hundreds of accounts these days).
 
All 3 features are a must-to-have for any sysadmin, developer, MSP/CSP partner, or B2B partner.
Unfortunately, today only Azure Portal and MPN Partner Portal provide these features in a nice, convenient format.
 
Other portals, like Office, Dynamics, myapps, techcommunity, yammer, and many other MS portals, are ignoring one or two, or sometime all 3 of these features.
Some portals that have this "single account" mentality can be easily stack in "cannot login" SSO-enforced single account state and do not even suggest any means to recover.
 
I would like to suggest for all Microsoft portals to adopt a standard "current user" top-right corner control, which should expose all 3 features mentioned above (not unlike the one implemented in Azure Portal and MPN Partner Portal. Perhaps ask Azure team to share their implementation on GitHub, or something ;)).

Today you have a standard Azure AD Login dialog, so having a standard top-right corner SSO control would definitely be a step in the right direction.
As today, every portal has its own implementation of this control, often ignoring the user needs to see who he is and to switch between SSO accounts or directories.
 
Let me know if you like the idea, I would be happy to become your first beta tester for this new feature.
 
Hope this will help to make Microsoft web portals better.
 
Alexander Abalakov
CEO & Cloud Solutions Architect
Diagramics Software Corporation

I'm glad to hear you like the Azure portal experience. We worked very hard on it ;) That experience is the best of class and we are working with teams across the company to get them to align to that model. For some services it's pretty straight forward, for others, it's a lot more work, but we are definitely making progress. Hopefully you'll see a lot of improvements in the next 6 months or so.

 

While you are waiting for those improvements, I would highly recommend using the profiles feature in the new Edge (the version based on Chrome). It has really nice cookie isolation, so it makes it super easy to maintain different identity contexts. I use it all the time to keep my many Azure AD and MSA accounts all working independently from each other.

 

Best regards,

Alex 

Copper Contributor

Is there a way I can test this out too?

Copper Contributor

Great news, Alex, that you are moving towards the Azure Portal UX. Three cheers for that!

Microsoft

@AyazP I messaged you privately with instructions to join TestFlight. Thanks!

Copper Contributor

Are there any plans to allow the Microsoft Authenticator app to register devices (iOS / Android) as trusted, for the purposes of Conditional Access MFA?  Right now, in Conditional Access Policies, the control options are 'Require multi-factor authentication', 'Require device to be marked as compliant', 'Require Hybrid Azure AD joined device'.  Today, the 'Require device to be marked as compliant' option requires Intune.  Ideally, the device registration option in Authenticator would meet this, or another, selectable requirement.  This would alleviate an issue we commonly see, where users receive multiple 'Enter the password for the Exchange account' prompts (typically after password changes), when navigating through the MFA process for the iOS mail app.

Copper Contributor

Hey @Olena Huang,
can you please send me those instructions for the test flight, too. Thank you :thumbs_up:

 

Microsoft

@Sven Lüders I messaged you. Thanks!

Copper Contributor

Hi Alex and @Olena Huang 

I would be interested in taking part on the test flight.

Is it still possible to join?

Best regards

Michael

Copper Contributor

Hello, this site gives information about the authenticator app being tested but does anyone know the timing of when it went live?  Several people within our organization received the update without communication and it is causing lots of escalations.  

Microsoft

@mw8er Just messaged you about TestFlight.

Microsoft

@croosien40 This began rolling out to the general public on March 10. As of today, March 16, it is fully rolled out to the public.

Copper Contributor

I'd like to join the testflight for this as well.. please send me instructions if possible. Thanks in advance! :)

Brass Contributor

Hello, Do you have security documentation on the Authenticator App's Access tokens and Refresh tokens and the crypto secrets for registering the authenticator?  Any diagrams and data flows will help me get this approved by my organization's security for use.  Thanks.

Microsoft

@KevinP-SPGI messaged you.

Iron Contributor

@Alex Simons (AZURE)  wrote I'm glad to hear you like the Azure portal experience. We worked very hard on it ;) That experience is the best of class and we are working with teams across the company to get them to align to that model. For some services it's pretty straight forward, for others, it's a lot more work, but we are definitely making progress. Hopefully you'll see a lot of improvements in the next 6 months or so.

 

While you are waiting for those improvements, I would highly recommend using the profiles feature in the new Edge (the version based on Chrome). It has really nice cookie isolation, so it makes it super easy to maintain different identity contexts. I use it all the time to keep my many Azure AD and MSA accounts all working independently from each other.

I have tried this workaround and it helps to some extent - but what it doesn't help with is if go to google something that brings up an article on a microsoft site sometimes it will randomly sign me in as my personal microsoft account on the way through to the post/article and then when I go to office.com in another tab i find I have suddenly been signed out of my work account and am now signed in as my personal microsoft account. 

 

Why can't they not use separate cookies for each authentication type and then at least we would not get this random switching in and out accounts ? some older microsoft sites still only seem to use personal accounts and this is when it gets in a mess. 

 

You have been promising this since 2016 https://techcommunity.microsoft.com/t5/azure-active-directory-identity/cleaning-up-the-azuread-and-m... 

 

Even simple modern microsoft web sites like todo can't handle it https://support.microsoft.com/en-gb/office/using-multiple-accounts-with-microsoft-to-do-49d89f46-781...  - when you read that article it gives that impression that it handles multiple accounts until you read the small print at the end and find out that actually it is only the windows and android apps that do.  Why bother to develop that for the app and not for the web browser which is probably more common used these days ?    

 

Please could you give us a clearer timescale for delivering this from the teams? as sorry I don't believe this when you have been promising it since 2016!

 

 

@technonath - I totally understand your frustration. In fact there are days when I'm super frustrated about it as well.  We've been working very hard across the hundreds of Microsoft service and app teams to get this fixed. It's getting gradually better everywhere, but there are very few places beside Azure (where I have a lot more direct input/control) where we have reached our goals yet.  I apologize for that and wish this were not the case. It definitely keeps me up at night sometimes.  The good news here is that in the next 180 days, you'll see some really notable/significant improvements across the Office sets of apps and services (at least the major ones) that will make this a LOT better for everyone. And the Microsoft exec team is very bought into making this happen everywhere - it's just a mammoth challenge to herd all the cats to do the right things when they each have specific competitors in their individual markets they need to focus on competing with.  Anyway, please keep asking/pushing on us and also on each of the product teams. The more product teams hear directly from you about this, the more likely we all are to get it right.  Thanks! Alex

Copper Contributor

Hey all - I know I am late to this thread but I am wondering if there is a Roadmap page for this app, or a place specific to provide improvement ideas? We love push notification, but it doesn't have anything in the notification to provide context, like "Outlook on Computer xxx-yyyyyy is requesting MFA" that would let a user know that their login matches a known machine and app and that the push isn't actually a foreign hacker with phished creds. Seems like Duo and other MFA providers offer this capability (At least an IP address).

Copper Contributor

Hi Alex,

I was wondering if you have any further update around adding account management options for Azure AD accounts in Authenticator.

 

We have a large front line workforce that we would like to onboard to Authenticator and this feature will make it much easier.  Most of them don't have access to a computer at work so registering for MFA/SSPR on the Authenticator app would be amazing.

 

thanks

Iron Contributor
@Alex Simons (AZURE) wrote:

 We've been working very hard across the hundreds of Microsoft service and app teams to get this fixed. It's getting gradually better everywhere, but there are very few places beside Azure (where I have a lot more direct input/control) where we have reached our goals yet.  I apologize for that and wish this were not the case. It definitely keeps me up at night sometimes.  The good news here is that in the next 180 days, you'll see some really notable/significant improvements across the Office sets of apps and services (at least the major ones) that will make this a LOT better for everyone. And the Microsoft exec team is very bought into making this happen everywhere - it's just a mammoth challenge to herd all the cats to do the right things when they each have specific competitors in their individual markets they need to focus on competing with.  Anyway, please keep asking/pushing on us and also on each of the product teams. The more product teams hear directly from you about this, the more likely we all are to get it right.  Thanks! Alex

 

 


Well it has been more than 180 days, and there is no sign of todo on the web supporting anything other than my work account and the same seems to go for all the other products I use.  Can we get an update on where you are with this as it feels like there is no effort to resolve these issues at all.

 

Copper Contributor

Please add folder or group for authenticator accounts. I'll have 100+ account in a single column otherwise.

Copper Contributor

Alex Simons,

 

Can you please address this question in this post or make a new post as it will not allow me.  I also tried to PM you but it says you have that turned off.  If there is a more appropriate resource to reach out to please supply that also.

 

We are starting to use the Microsoft Authenticator app more and more in a business only setting and have been happy to see new features being rolled out, backup, and now password sync are 2 big great features but why is Microsoft only making these features available for personal Microsoft Accounts?  We want our users to be able to keep work stuff segmented from their personal lives for security and risk reasons and do not understand why Microsoft security apps constantly try to blur these lines?  Are these features not being offered on Work Microsoft accounts for legal reasons?  Please I would love a discussion as I know this is a big issue but this online forum does not let me create a new post.  So I would appreciate if you could do this on my behalf so we can have an open discussion with all the Microsoft resources.  Thanks

Version history
Last update:
‎Mar 04 2020 10:25 AM
Updated by: