Two-factor authentication on Microsoft platforms doesn’t have to be a pain in the rear end. That seems to be the takeaway from Microsoft’s announcement of a new authenticator app — the eponymous Microsoft Authenticator — that debuted for “all major mobile platforms” on Monday.
The new app is a merger of what was previously several apps, essentially. Under the old system, Microsoft demarcated two-factor business and personal accounts along a very clear line: Microsoft accounts (MSAs) on the one end, and Azure Active Directory (Azure AD) on the other. The two categories of customers lived within their siloed ecosystems, and everything, in theory, puttered along just splendidly.
But that wasn’t the case in practice. As Neowin notes, Microsoft had no fewer than four two-factor authentication apps across mobile including Azure Authenticator app on iOS, Authenticator for MSAs on Windows, and Microsoft Account on the Play Store. Oddly, iOS lacked any form of app for managing MSAs. It wasn’t pretty, needless to say.
That’s why Microsoft is starting fresh with Microsoft Authenticator, which Microsoft Identity Division’s Alex Simons said “combines the best parts of our previous authenticator apps into a new app.” The app’s biggest benefit? The ability to log into both MSAs and Azure ADs from a single interface. But that’s not the only improvement it has in tow. The user interface has been refreshed, and it’s gained support for one-click push notifications: initiate a login and you’ll get a message on your mobile with an “approve” button. Hit it, and you’re free to continue on your merry way.
There’s more. Microsoft Authenticator supports wearables, for better or worse — you can use an Apple Watch or Samsung Gear smartwatch to “approve MFA challenges.” Enterprise users can sign in using certificates now, too, but not to worry if you prefer biometrics to a PIN, passcode, or file — the new app supports fingerprint-based approvals on Android and iOS.
There are a few quirks of note. In terms of wearable approvals, Microsoft’s own Band and Band 2 won’t be supported, initially — Microsoft told Neowin that Band support is “on the road map” — and neither will devices running Google’s Android Wear operating system. And fingerprint support apparently isn’t in the cards for Windows Phone users, at least at launch. But that may change with the debut later this year of HP’s Elite x3 — the first Windows Phone device with an active fingerprint sensor.
The new authenticator app replaces Azure Authenticator in the form of an update, as it does the Microsoft Account app on Android. Existing accounts are being “automatically upgraded,” Microsoft said.
Article originally published in August 2016.
Updated on 08-15-2016 by Kyle Wiggers: Amended article to reflect that the new Authenticator is now available on some platforms.