If you’re one of the million users who use Microsoft Authenticator, then get ready for a game-changing update! With the latest update, Microsoft Outlook offers a seamless and streamlined experience for multi-factor authentication (MFA) requests.
So, now it’s time to experience a hassle-free and efficient multi-factor authentication (MFA) process! 💯 Let’s get a step closer and discover how this innovative update can enhance your MFA workflows and take your account security to the next level.
Authenticator Lite – The New Microsoft Authenticator App
Why install another app when you can have it in your native app itself?
What is Microsoft Authenticator Lite?
Authenticator Lite is a new feature that helps to complete MFA requests directly within Microsoft 365 apps without having to install other apps, like Microsoft Authenticator. Currently, users can experience the integration of the feature into the Microsoft Outlook app for Android and iOS devices.
Therefore, Office 365 users can just use their Outlook mobile app to satisfy MFA requests. How cool is that?
But what is the strategy behind starting with Outlook? Let me break it down: as per statistics, Outlook has seen over 500 million downloads on Android alone! Therefore, this move will make it much easier for Microsoft 365 users to adopt MFA.
Without any further delay, let’s get in and see how this Authenticator Lite works.
- First, configure push notifications for users using the authentication methods from the Microsoft Entra admin center.
- Following this, enable Authenticator Lite using Graph API for specific users.
- Once enabled, Outlook Mobile allows end users to register directly through Authenticator Lite.
NOTE: During the preview phase, the default Microsoft Managed setting is disabled, and the Authenticator Lite can only be enabled via the Graph API.
Latest Updates On The Microsoft Authenticator Roll-Out:
- As of May 17, 2023, the Microsoft Authenticator Lite (in Outlook) will be released for General Availability! Please note that during GA, the Microsoft Managed value will remain disabled, and tenants will not experience any impact.
- Initially, Microsoft announced that by May 26, 2023, Authenticator Lite will be “enabled” for your tenant if you leave the default setting ‘Microsoft managed.’
➤ But the dates underwent a change! On June 9, 2023, the Microsoft Managed value of this feature will be changed from “disabled” to “enabled.”
⚠️In case you make several changes to the configurations before June 9, they will remain unaffected. However, if administrators are not interested in using this feature, they can disable it before June 9, 2023.
Well, further updates will introduce a specified user interface to manage the Authenticator Lite. That’s not all! Now let’s explore how to enable this powerful combination and level up your security game with this innovative integration.
Enable Authenticator Lite Using Microsoft Graph API
Log in to Microsoft Graph Explorer and ensure the Policy.ReadWrite.AuthenticationMethod permission is granted. Before turning it on, let’s check the current status of Authenticator Lite by using the query below.
```http
GET https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
```
Microsoft exposes Authenticator Lite through the companionAppAllowedState property, and in the response to the above query its initial state is ‘disabled’. Before we get into the steps to enable Authenticator Lite, it’s essential to note that there is one restriction that comes with it:
➤ You can include/exclude only one group at a time. (The groups can be either dynamic or nested groups.)
To enable Authenticator Lite, you can use the following sample code and make the required changes.
- Change the actual state from ‘disabled’ to ‘enabled.’
- Then, proceed to mention the specific target group’s ID or set the target to all users as per your requirement.
```json
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",
  "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "isSoftwareOathEnabled": false,
  "excludeTargets": [],
  "featureSettings": {
    "companionAppAllowedState": {
      "state": "enabled",
      "includeTarget": {
        "targetType": "group",
        "id": "<GroupID>"
      },
      "excludeTarget": {
        "targetType": "group",
        "id": "00000000-0000-0000-0000-000000000000"
      }
    }
  },
  "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets",
  "includeTargets": [
    {
      "targetType": "group",
      "id": "all_users",
      "isRegistrationRequired": false,
      "authenticationMode": "any"
    }
  ]
}
```
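The check-then-enable procedure above as an added Python example (not code from the original post or from Microsoft): it reads the Authenticator Lite state from a GET response, enforces the one-group restriction, and builds the body to send back with PATCH to the same URL while leaving every other setting untouched. The function names, the sample response and any group ID passed in are constructed for illustration.

```python
import copy, json, re, urllib.request

URL = ("https://graph.microsoft.com/beta/authenticationMethodsPolicy/"
       "authenticationMethodConfigurations/MicrosoftAuthenticator")
NO_GROUP = "00000000-0000-0000-0000-000000000000"  # "exclude nobody" in the page's sample
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def lite_state(policy):
    """Authenticator Lite state in a GET response or PATCH body (None if absent)."""
    feature = policy.get("featureSettings", {}).get("companionAppAllowedState") or {}
    return feature.get("state")

def build_patch(policy, state, include_groups, exclude_group=NO_GROUP):
    """Copy the GET response and change only companionAppAllowedState."""
    if policy.get("id") != "MicrosoftAuthenticator":
        raise ValueError("not the MicrosoftAuthenticator configuration")
    if state not in ("enabled", "disabled"):
        raise ValueError("state must be 'enabled' or 'disabled'")
    if len(include_groups) != 1:  # the page's restriction: one group at a time
        raise ValueError("exactly one include group is allowed")
    group = include_groups[0]
    if group != "all_users" and not GUID.match(group):
        raise ValueError(f"not a group object ID: {group!r}")
    if not GUID.match(exclude_group):
        raise ValueError(f"not a group object ID: {exclude_group!r}")
    body = copy.deepcopy(policy)  # keeps every other setting exactly as it was
    body.setdefault("featureSettings", {})["companionAppAllowedState"] = {
        "state": state,
        "includeTarget": {"targetType": "group", "id": group},
        "excludeTarget": {"targetType": "group", "id": exclude_group},
    }
    return body

def send_patch(token, body):
    """Send the update; token needs Policy.ReadWrite.AuthenticationMethod."""
    req = urllib.request.Request(
        URL, data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

# Constructed, trimmed GET response (not real tenant data).
SAMPLE = {
    "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
    "id": "MicrosoftAuthenticator",
    "state": "enabled",
    "featureSettings": {"companionAppAllowedState": {
        "state": "disabled",
        "includeTarget": {"targetType": "group", "id": "all_users"},
        "excludeTarget": {"targetType": "group", "id": NO_GROUP}}},
}
```

Running lite_state on a fresh GET response after the PATCH confirms the change took effect for the intended group only.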
Finally, it’s done! Now that it has been enabled for the targeted users, Microsoft Outlook will prompt the user to register their accounts like below. Here, users can register their account and continue to use the Outlook app to satisfy the MFA requests.
Additionally, you can turn off or manage the Authenticator Lite settings right from the Microsoft Outlook app. Navigate to the path below and start managing Authenticator Lite.
Microsoft Outlook mobile app 🡢 Account 🡢 Settings 🡢 Authenticator
One thing to remember is that it is not possible to configure specific authentication feature settings for Authenticator Lite. That is, Microsoft Authenticator Lite only supports MFA Number matching and does not support additional contexts, such as location or application name.
Authenticator Lite – MFA Made Easy
In conclusion, Microsoft just raised the bar for easing the multi-factor authentication process. Therefore, just use your good old Outlook to complete MFA requests, and you’re good to go! This move is sure to boost MFA adoption and help secure your accounts in a whole new way. So, if you’re on the way to upgrading your security, hop on board with Authenticator Lite now. 💯