Authentication methods in Azure Active Directory - Microsoft Authenticator app

The Microsoft Authenticator app provides an additional level of security to your Azure AD work or school account or your Microsoft account and is available for Android and iOS. With the Microsoft Authenticator app, users can authenticate in a passwordless way during sign-in, or as an additional verification option during self-service password reset (SSPR) or Azure AD Multi-Factor Authentication events.

Users may receive a notification through the mobile app for them to approve or deny, or use the Authenticator app to generate an OATH verification code that can be entered in a sign-in interface. If you enable both a notification and verification code, users who register the Authenticator app can use either method to verify their identity.

To use the Authenticator app at a sign-in prompt rather than a username and password combination, see Enable passwordless sign-in with the Microsoft Authenticator app.

Passwordless sign-in

Instead of seeing a prompt for a password after entering a username, a user that has enabled phone sign-in from the Microsoft Authenticator app sees a message to enter a number in their app. When the correct number is selected, the sign-in process is complete.

Example of a browser sign-in asking for user to approve the sign-in.

This authentication method provides a high level of security, and removes the need for the user to provide a password at sign-in.

To get started with passwordless sign-in, see Enable passwordless sign-in with the Microsoft Authenticator app.

Notification through mobile app

The Authenticator app can help prevent unauthorized access to accounts and stop fraudulent transactions by pushing a notification to your smartphone or tablet. Users view the notification, and if it's legitimate, select Verify. Otherwise, they can select Deny.

Screenshot of example web browser prompt for Authenticator app notification to complete sign-in process.

Note

If your organization has staff working in or traveling to China, the Notification through mobile app method on Android devices doesn't work in that country/region, as Google Play services (including push notifications) are blocked in the region. However, iOS notifications do work. For Android devices, alternate authentication methods should be made available for those users.

Verification code from mobile app

The Authenticator app can be used as a software token to generate an OATH verification code. After entering your username and password, you enter the code provided by the Authenticator app into the sign-in interface. The verification code provides a second form of authentication.

Users may have a combination of up to five OATH hardware tokens or authenticator applications, such as the Microsoft Authenticator app, configured for use at any time.

Warning

To ensure the highest level of security for self-service password reset when only one method is required for reset, a verification code is the only option available to users.

When two methods are required, users can reset using either a notification or verification code in addition to any other enabled methods.

Next steps

To get started with passwordless sign-in, see Enable passwordless sign-in with the Microsoft Authenticator app.

Learn more about configuring authentication methods using the Microsoft Graph REST API.