Forum Discussion
Microsoft Authenticator App - restore on new phone?
What is the recommended workflow to restore the Microsoft Authenticator App on a new phone, in case a user loses his phone or receives a new phone?
Also, Work Accounts are never completely backed up/restored. They need to approve the account sign in from the old phone or alternative method. I assune this is a security decision so that MFA methods for work accounts are not stord in iCloud for example for iOS devices.
Microsoft recommends abandoning Phone/SMS and switching over to Microsoft Authenticator. Personal accounts for backup is definitely not an option, and you say the account needs to be approved on a new phone.
What options do I have if a user loses his phone on a business trip?
What options do I have if a user loses his phone on a business trip?
- If you allow SMS/Phone Call they can sign in using this method. If you ONLY allow Microsoft Authenticator the user needs to call the helpdesk to get their MFA methods reset and add a new Microsoft Authenticator on a new phone they get from somewhere. Of course, there are other alternatives too like FIDO2, Softeare/hardware OATH tokens but that is additional stuff.
- But isn't FIDO2 or Software/hardware OATH tokens a better alternative, when SMS/Phone Calls are not considered secure? I don't see the point in having Microsoft Authenticator AND SMS/Phone Call, when Microsoft is telling you that SMS/Phone Call is not secure. This is undermining the security of having Microsoft Authenticator as second factor.
