Allow Use of Microsoft Authenticator OTP in Azure AD

dilanmic · ‎Nov 17 2022

Hi All,

We wanted to enabled number matching and Passwordless with Microsoft Authenticator app and when I go to there I could see the below setting under configurations. But I wanted to make sure what that setting is and what it the recommended configurations for this "Allow Use of Microsoft Authenticator OTP" before configure in production environment.

appreciate if anyone could help me on this.

Thanks,

Dilan

ChristianJBergstrom · ‎Nov 18 2022

I believe the settings is about the possibility to use the Authenticator app when you happen to be "offline" for some reason, i.e. like a hardware token generating a code.

dilanmic · ‎Nov 18 2022

It basically allows the use of 6-digit one-time passcodes as part of the login process. It's not needed for either passwordless or number matching scenarios.

dilanmic · ‎Nov 18 2022

Thank You very much!

Brian Reid · ‎Nov 19 2022

Its all to do with the migration from the Legacy MFA methods. Legacy MFA methods (and SSPR Methods) will be removed as configurable options Jan 2024 (14 months from writing this). Before you migrate the option you have highlighted above is taken from the old and new settings, so the legacy setting "Verification code from mobile app or hardware token" will work even if the above is set to "No" as the legacy settings are accepted. Once you complete migration or Jan 2024 happens (see https://learn.microsoft.com/en-gb/azure/active-directory/authentication/how-to-authentication-method...) the legacy methods stop working, so you have the time between now and then to update all the settings under Authentication Methods to match your current settings, including this one.

ChristianJBergstrom · ‎Dec 09 2022

@dilanmic the docs have been updated with a proper explanation.

It's part of the migration mentioned above.

"If Verification code from mobile app or hardware token is enabled in the legacy MFA policy, set Allow use of Microsoft Authenticator OTP to Yes."

How to migrate to the Authentication methods policy - Azure Active Directory - Microsoft Entra | Mic...

AchRidwan · ‎Sep 19 2023

Help me for login Microsoft authentication need otm but can find choose number hp

dilanmic · ‎Dec 22 2023

if you wanted, set "Allow Use of Microsoft Authenticator OTP" to Yes. Make sure Verification code from mobile app or hardware token is enabled in the legacy MFA policy as well.

dilanmic · ‎Nov 18 2022

It basically allows the use of 6-digit one-time passcodes as part of the login process. It's not needed for either passwordless or number matching scenarios.

View solution in original post

Allow Use of Microsoft Authenticator OTP in Azure AD

Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Re: Allow Use of Microsoft Authenticator OTP in Azure AD

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Allow Use of Microsoft Authenticator OTP in Azure AD