Hello friends,
Today I have news to share about another great new feature in Microsoft Entra. Time-based one-time passcode (TOTP) as an MFA option is now generally available for Azure Active Directory (Azure AD)! In this release, we fixed some accessibility issues to provide customers with a reliable and secure MFA option that works for all users and devices. Huge thanks to our customers who rolled this out and gave us feedback during the public preview.
Integrating a time-based OTP with an authenticator app as a second factor in B2C scenario user flows enables a higher level of security compared to the existing email and phone factors. In my previous blog post, I also mentioned how this can help users by eliminating the need to wait for codes to arrive in email or text messaging apps. The short lifespan of OTP codes also makes them very hard for attackers to intercept.
Time-based OTP for Azure AD user accounts works great with any authentication application that supports TOTP. We recommend using Microsoft Authenticator, which uses encrypted bi-directional communication for authentication status.
Read the documentation and learn how you can set up time-based OTP for your Azure AD B2C scenario applications.
We love hearing from you, so please share your feedback on these updates through the Azure forum or by tagging @AzureAD on Twitter.
Robin Goldstein
Director of Product Manager, Microsoft identity team
Twitter: @RobinGo_MS