Many customers work in environments with security and compliance concerns requiring authenticators to use cryptography validated by the Federal Information Processing Standards (FIPS) 140 (reference NIST SP 800-63B). We're excited that Microsoft Authenticator on iOS is now FIPS 140 compliant (Android coming soon). Authenticator version 6.6.8 and higher on iOS is FIPS 140 compliant for all Azure Active Directory (Azure AD) authentications using push multifactor authentication (MFA), Passwordless Phone Sign-In (PSI), and time-based one-time passcodes (TOTP).
No changes in configuration are required in the Authenticator app or Azure Portal to enable this capability. Users on Authenticator version 6.6.8 and higher on iOS are FIPS 140 compliant by default for Azure AD authentications.
Authenticator leverages the native Apple cryptography to achieve FIPS 140, Security Level 1 compliance on Apple iOS devices. For more information about the certifications being used, reference the Apple CoreCrypto module.
As always, we want to hear from you! Feel free to leave comments down below or reach out to us on aka.ms/AzureADFeedback.