Last month, Authenticator Lite (in Outlook) moved to public preview, bringing the security and reliability of Microsoft Authenticator to an app users already have on their phones. Today we’re excited to announce that Authenticator Lite (in Outlook) is now generally available!
According to research done by Microsoft, multifactor authentications completed via push notifications in the Microsoft Authenticator app are 71% less likely to be compromised than those completed via SMS codes. Therefore, we strongly recommend moving your users off phone transports for authentication and towards more secure methods such as push notifications. Authenticator Lite (in Outlook) expands the opportunity to convert users by bringing the enhanced security of push notifications to devices that have not yet downloaded the Microsoft Authenticator App.
Users are prompted in Outlook on their mobile devices to register for multifactor authentication (MFA). Now, after they enter their password at sign in, they’ll have the option to send a push notification to their Android or iOS device.
The configuration for this feature is included with all Microsoft Authenticator feature settings in the Microsoft Entra portal and via MS Graph. For more information on how to enable Authenticator Lite, please see here.
This feature is an important security enhancement for users currently authenticating with SMS and voice methods. Therefore, we strongly recommend that you enable your users to leverage this capability as soon as possible. The feature is currently in the state ‘Microsoft managed.’ Until June 9, leaving the feature set to ‘Microsoft managed’ will have no impact on your users and the feature will remain turned off unless you explicitly change the state to enabled. Due to the security enhancement this feature provides users, the Microsoft managed value of this feature will be changed from ‘disabled’ to ‘enabled’ on June 9.
We’ve made some changes to the feature configuration, so if you made an update before GA —May 17—please validate that the feature is in the correct state for your tenant prior to June 9. If you do not wish for this feature to be enabled on June 9, move the state to ‘disabled’ or set users to include and exclude groups.
We hope you and your users enjoy this new feature, and, as always, please let us know of any questions or feedback by leaving comments down below or reaching out to us at aka.ms/AzureADFeedback.
Regards,
Alex Weinert
VP Director of Identity Security, Microsoft
Learn more about Microsoft identity:
- Get to know Microsoft Entra – a comprehensive identity and access product family
- Return to the Microsoft Entra (Azure AD) blog home
- Join the conversation on Twitter and LinkedIn
- Share product suggestions on the Entra (Azure AD) forum