Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Difference between "Microsoft Authenticator" and "Authenticator app" in Security Info

Iron Contributor

When I visit Security info (https://mysignins.microsoft.com/security-info), I see two different sign-in methods, "Microsoft Authenticator" and "Authenticator app". I have added my Microsoft work account only in one authenticator app (Microsoft Authenticator) on one device.

 

What is the difference between those methods?

 

Kiril_1-1668775996776.png

 

This is how my account looks on the Microsoft Authenticator side:

 

Kiril_0-1668776178505.png

 

 

 

 

 

6 Replies
Seen that before as well. There's no difference in behavior but imagine it depends on how it the Authenticator app was set up. I.e., adding from the sign-in process vs adding yourself from the Security info page. You can delete one of them.

@ChristianJBergstrom 

I tried deleting "Microsoft Authenticator", which worked. But after that I did not receive any notifications in the app.

 

Then I tried deleting the "Authenticator app" entry, which also worked, but after that I was not able to select "Use an app instead" while logging in the browser.

 

I assume that each entry has its own meaning. When I look at the selection of the default sign-in method there is further explanation:

 

Kiril_0-1668780900136.png

 

There are other Authentication apps, and you can also decide which options should be available based on the MFA service settings.

https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx
Aren't those settings the obsolete? This is the "old MFA", which should not be used anymore. I have set every user to "Disabled" in the per-user MFA portal. Do the settings there still apply?
Yes, they are "legacy settings". But still, you can configure settings in there. You should obviously not use per-user MFA. I'm just mentioning the service settings (2nd tab).
Ok, I am disabling all user accounts, so the per-user MFA is not used any more.

We see a pattern, that users with admin roles have two authenticator apps enabled ("Microsoft Authenticator" and "Authenticator app"). And deleting one or the other prevents passwordless sign-in from functioning.