Blog Post

Microsoft Entra Blog
2 MIN READ

External Identities B2C supports Authenticator apps, and new data residency pricing

Robin Goldstein's avatar
Robin Goldstein
Icon for Microsoft rankMicrosoft
Jan 21, 2022

[UPDATE: August 10th, 2022] TOTP based MFA for Azure AD B2C is now Generally Available (GA)! 

 

Hello friends,

 

At the beginning of this calendar year, we announced two public previews for multi-factor authentication (MFA) with time-based one-time passcode (time-based OTP) for B2C users and a change to our support for data residency in Azure AD B2C directories.

 

At last, I am thrilled to announce those features for External Identities B2C supports Authenticator apps, and new data residency pricing have gone generally available (GA)! For those who missed public preview letโ€™s review why these are major milestones.

 

Strengthen MFA for B2C users with time-based OTP

Rising fraud and security attacks make it critical to protect consumer accounts with more secure forms of MFA. By incorporating time-based OTP through an authenticator app in your B2C user flows, you can provide a higher level of security compared to existing email and phone factors, without incurring additional telephony charges. Learn more from my colleague, Alex Weinert, about why we believe app-based MFA is more secure than email and phone MFA alone.

 

Time-based OTP for your user accounts can be configured with any authentication application. We recommend setting up your time-based OTP with Microsoft Authenticator, which uses encrypted bi-directional communication for authentication status and supports additional context and control that make it easier for your users to help protect themselves.

In this B2C user flow, a Contoso customer is prompted to complete authentication using time-based OTP with the Microsoft Authenticator application.

Read the documentation to learn how to set up time-based OTP for Azure AD B2C.

 

Data residency pricing update

We understand how important it is for our customers to have control over their data and to comply with local data residency requirements. As a first step in supporting this business-critical need, earlier this year we announced the general availability of Azure AD B2C data residency in Australia. To support increased demand for this support, beginning mid-2022, current and new customers who have data residency configured for Australia or other specific countries/regions will incur an add-on charge of $0.02 per monthly active user (MAU).

 

โ€ƒ

 

Based on your feedback, we are continuing to grow our data residency offerings so that you can target selection of the country/region needed to meet data storage requirements.

 

We love hearing from you, so please share your feedback on these updates through the Azure forum or by tagging @AzureAD on Twitter.

 

Robin Goldstein 

Twitter: @RobinGo_MS

 

 

Learn more about Microsoft identity: 

 

Updated Aug 09, 2022
Version 4.0
  • Robin Goldstein's avatar
    Robin Goldstein
    Icon for Microsoft rankMicrosoft
    Jan 29, 2022

    Dan_B1135, hi. Thanks for asking about FIDO support. We are also working to enable more and more B2C capabilities in Azure AD. As we do that you can expect to see FIDO and other Auth methods light up for B2C users. 

  • Sjorsp's avatar
    Sjorsp
    Copper Contributor
    Mar 27, 2022

    We really needed this option, however there is a big problem, it doesn't seem to be possible to Enable Authenticator for existing users with the initial MFA still enabled.

    This is from a security perspective a problem because that will mean you have to remove temporarily the MFA, if anybody has a workaround for this I will make sure this person gets a nice reward from me ๐Ÿ™‚

  • bdrmahesh's avatar
    bdrmahesh
    Copper Contributor
    Mar 29, 2022

    Hi! The totp from authenticator app works for 5min though it shows for 30s. Is there a way to reduce the time to 30s or 60s as in the authenticator app? I could not find a syntax to add to custom policy regarding this.