Forum Discussion
Microsoft Authenticator App - restore on new phone?
What is the recommended workflow to restore the Microsoft Authenticator App on a new phone, in case a user loses his phone or receives a new phone?
If you allow SMS/Phone Call they can sign in using this method. If you ONLY allow Microsoft Authenticator the user needs to call the helpdesk to get their MFA methods reset and add a new Microsoft Authenticator on a new phone they get from somewhere. Of course, there are other alternatives too like FIDO2, Softeare/hardware OATH tokens but that is additional stuff.
But isn't FIDO2 or Software/hardware OATH tokens a better alternative, when SMS/Phone Calls are not considered secure? I don't see the point in having Microsoft Authenticator AND SMS/Phone Call, when Microsoft is telling you that SMS/Phone Call is not secure. This is undermining the security of having Microsoft Authenticator as second factor.
