Updated 1 year ago

Microsoft Authenticator Lite: Streamlining Your MFA Experience

by PaVee

4 min read

No Comments

If you’re one of the million users who use Microsoft Authenticator, then get ready for a game-changing update! With the latest update, Microsoft Outlook offers a seamless and streamlined experience for multi-factor authentication (MFA) requests.

Introducing Microsoft Authenticator Lite, another interface for Office 365 users to complete multi-factor authentication from their native Microsoft 365 apps is now available in Public Preview. As of now, Outlook mobile app supports Authenticator Lite.

So, now it’s time to experience a hassle-free and efficient multi-factor authentication (MFA) process! 💯 Let’s get a step closer and discover how this innovative update can enhance your MFA workflows and take your account security to the next level.

Authenticator Lite – The New Microsoft Authenticator App

Why install another app when you can have it in your native app itself?

What is Microsoft Authenticator Lite?

Authenticator Lite is a new feature that helps to complete MFA requests directly within Microsoft 365 apps without having to install other apps, like Microsoft Authenticator. Currently, users can experience the integration of the feature into the Microsoft Outlook app for Android and iOS devices.

Therefore Office 365 users can just use their Outlook mobile to satisfy MFA requests. How cool isn’t it?

But what is the strategy behind starting with Outlook? Let me break it out here, as per statistics, Outlook has seen over 500 million downloads on Android alone! Therefore, this move will make it much easier for Microsoft 365 users to adopt MFA.

Without any further delay, let’s get in and see how this Authenticator Lite works.

  1. First, configure push notifications for users using the authentication methods from the Microsoft Entra admin center.
  2. Following this, enable Authenticator Lite using Graph API for specific users.
  3. Once enabled, Outlook Mobile allows end users to register directly through Authenticator Lite.

NOTE: During the preview phase, the default Microsoft Managed setting is disabled, and the Authenticator Lite can only be enabled via the Graph API.

Latest Updates On The Microsoft Authenticator Roll-Out:

  • As of May 17, 2023, the Microsoft Authenticator Lite (in Outlook) will be released for General Availability! Please note that during GA, the Microsoft Managed value will remain disabled, and tenants will not experience any impact.
  • Initially, Microsoft announced that by May 26, 2023, Authenticator Lite will be “enabled” for your tenant if you leave the default setting ‘Microsoft managed.’

➤ But the dates underwent a change! On June 9, 2023, the Microsoft Managed value of this feature will be changed from “disabled” to “enabled.”

⚠️In case you make several changes to the configurations before June 9, they will remain unaffected. However, if administrators are not interested in using this feature, they can disable it before June 9, 2023.

Well, further updates will introduce a specified user interface to manage the Authenticator Lite. That’s not all! Now let’s explore how to enable this powerful combination and level up your security game with this innovative integration.

Enable Authenticator Lite Using Microsoft Graph API

Log in to the Microsoft Graph Explorer API and ensure the Policy.ReadWrite.AuthenticationMethod permission is granted. Before turning it on, let’s check the status of Authenticator Lite by using the below query.

Get Microsoft Authenticator Lite Status in Microsoft 365
Get Microsoft Authenticator Lite Status

Microsoft specifies the CompanionAppsAllowedState property for Authenticator Lite and based on the above figure, the initial stage is set to a ‘disabled’ state. Before we get into the steps to enable Authenticator Lite, it’s essential to note that there is a restriction that comes with it, which is –

➤ You can only include/exclude only one group at a time. (The groups can be either dynamic or nested groups.)

To enable Authenticator Lite, you can use the following sample code and make the required changes.

  • Change the actual state from ‘disabled’ to ‘enabled.’
  • Then, proceed to mention the specific target group’s ID or set the target to all users as per your requirement.

Finally, it’s done! Now that it has been enabled for the targeted users, Microsoft Outlook will prompt the user to register their accounts like below. Here, users can register their account and continue to use the Outlook app to satisfy the MFA requests.

User registration for Authenticator Lite
User registration for Authenticator Lite

Additionally, you can turn off or manage the Authenticator lite settings right from the Microsoft Outlook app. Navigate to the path below and start managing Authenticator Lite.

Microsoft Outlook mobile app 🡢 Account 🡢 Settings 🡢 Authenticator

Manage Authenticator Lite in Microsoft Outlook

One thing to remember is that it is not possible to configure specific authentication feature settings for Authenticator Lite. That is, Microsoft Authenticator Lite only supports MFA Number matching and does not support additional contexts, such as location or application name.

Authenticator Lite – MFA Made Easy

In conclusion, Microsoft just raised the bar for easing the multi-factor authentication process. Therefore, just use your good old Outlook to complete MFA requests, and you’re good to go! This move is sure to boost MFA adoption and helps to secure your accounts in a whole new way. So, if you’re on the way to upgrading your security, hop on board with Authenticator Lite now. 💯

No more app installations, no more unnecessary hassle!

Share article