Hi All, Let’s discuss how to start using Mobile Outlook App as MFA Authenticator App. Microsoft announces that the public preview of Authenticator Lite is now available! Anoop shared this on Apr 18, 2023, in YouTube short.
Let’s hope that the users will find the Lite version of the Authenticator app via the mobile Outlook app. This will help you move from a text message (SMS) and voice-based authentication. This new feature allows users to try a more streamlined version of the popular Authenticator app.
Strong authentication has become increasingly vital for protecting sensitive information. Because of that, Microsoft is excited to make this process even more accessible by embedding it directly into the Outlook client.
With Authenticator Lite, users can easily satisfy a multifactor authentication requirement from the convenience of a familiar app. Microsoft Authenticator app is trusted as a secure and easy way to authenticate, making it the most popular way to sign in with strong authentication in Azure.
What is Microsoft Authenticator Lite?
Microsoft Authenticator Lite is a supplementary tool available to Azure Active Directory (Azure AD) users, enabling them to carry out multifactor authentication on their Android or iOS devices through push notifications or time-based one-time passcodes (TOTP).
- FIX Zero Day Security Vulnerability for Outlook
- Outlook Web App OWA instead of Outlook Desktop App 4 Months Experience
User Registration for Authenticator in Outlook
If you enabled Authenticator Lite, users are prompted to register their account directly from Outlook mobile. The multifactor authentication helps you access your accounts more securely. You can use Outlook to authenticate in two ways.
- Receive a push notification after entering your password online
- Use a TOTP (Time-based One-Time Passcode)
Note! – This is an important security enhancement for users authenticating via telecom transports. This feature’s Microsoft-managed setting will be enabled in May 2023. This will enable the feature for all users in tenants where the feature is set to Microsoft managed. If you wish to change the state of this feature, please do so before May 26, 2023.
After registering the Outlook authenticator, you will get a notification for multifactor authentication in the Outlook application itself. Users can now use multifactor authentication (MFA) for their work or school accounts directly through the Outlook app on their iOS or Android devices without downloading the Authenticator app separately.
The Outlook Authenticator Light provides the following.
- Users can easily secure their accounts with an additional layer of protection for free.
- Provide a more seamless and convenient experience for users who want to secure their accounts.
Note! – Rollout has not yet been completed across Outlook applications. If this feature is enabled in your tenant, your users may not yet be prompted for the experience. Microsoft recommends enabling this feature when the rollout completes minimizing user disruption.
Now Use Mobile Outlook App as MFA Authenticator App
You need to enable this configuration from the Azure portal. Click Azure Active Directory > Security > Authentication methods > Microsoft Authenticator in the Azure portal.
Microsoft Authenticator on Companion Application
The Microsoft Authenticator app is a flagship authentication method usable in passwordless or simple push notification approval modes. The app is free to download and use on Android/IOS mobile devices.
| Operating system | Outlook version |
|---|---|
| Android | 4.2310.1 |
| iOS | 4.2312.1 |
- Under Enable and Target, Enable the Microsoft Authenticator by toggling the pane to the right side.
- Select All Users
- Under Configure, Select the Status as Enabled and select All users
Once you configure this policy, you will get a configuration option in the Outlook application for the light authenticator. Check out the prerequisites and the version details of Outlook you need on your mobile IOS and Android mobile to get this Enabled.
Note! – If the feature status is set to Microsoft managed, it will be enabled by Microsoft at an appropriate time after the preview
Enable Microsoft Authenticator Lite via Graph APIs
You can easily Enable Microsoft Authenticator Lite via Graph APIs. The table below shows the property (excludeTarget, includeTarget, and state), Type, and Description.
| Property | Type | Description |
|---|---|---|
| excludeTarget | featureTarget | A single entity that is excluded from this feature. You can only exclude one group from Authenticator Lite, which can be a dynamic or nested group. |
| includeTarget | featureTarget | A single entity that is included in this feature. You can only include one group for Authenticator Lite, which can be a dynamic or nested group. |
| State | advancedConfigState | Possible values are: enabled explicitly enables the feature for the selected group. disabled explicitly disables the feature for the selected group. default allows Azure AD to manage whether the feature is enabled or not for the selected group. |
Reference site – How to enable Microsoft Authenticator Lite for Outlook mobile (preview) – Microsoft Entra | Microsoft Learn
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.
Thanks for the article. I have done the settings for my tenant. I’m able to see the Authenticator option in my Android Outlook application (Settings > M365 account > Scroll down till Authenticator). But whenI I tap it, it says “Please use Authenticator app for sign-ins”.
Is it something related to as you mentioned “roll-out not been completed yet..” or if I see the option I should be able to use it and I’m missing something here?
Thank You!