Give Us Your Feedback!

    General discussion

  • Hi folks, I'm one of the program managers for the Microsoft Authenticator - we'd love to hear from you about your use of the app, what you like about it, what features you'd like to see, what really bugs you, what you think our competitors do better, etc.

    If you can be specific about what platform you primarily use (Android, iOS, or Windows Mobile), and what types of accounts you use (personal, work or school, or third party), that's very helpful to put your feedback in context as well.

    Thanks for using Microsoft Authenticator, and for taking the time to help us make it better!

    Cheers,

    --Libby

     
    Thursday, January 26, 2017 12:20 AM

All replies

  • In a recent version of Authenticator for iOS, the MFA "Approve" quick action (accessible from a lock screen notification) was changed to not force the user to enter a passcode or use Touch ID. Please update the app to prevent anyone from approving an MFA challenge without authenticating first.

    https://developer.apple.com/reference/usernotifications/unnotificationactionoptions/1648196-authenticationrequired 
    Thursday, January 26, 2017 2:20 PM
  • Hi Dee ess, 

    Great feedback, and we've been hearing a lot of it.  We took a change in September, to bring Work or School authentication approvals in line with personal account approvals, across all our platforms.  Previously, for everything except "work or school (AAD) accounts on iOS," you could approve above a locked screen. 

    From a multi-factor authentication perspective, the security is present -- you are proving the thing you know (password) and the thing you have (phone). But, we are taking a fresh look at letting customers add additional layers of protection, such as requiring device unlock for notification approval, and app lock capabilities, to protect OTP codes. Stay tuned! 

    Cheers,

    --Libby

    Thursday, January 26, 2017 10:16 PM
  • My opinion is that you should not be able to approve from above the locked screen, you should have to unlock as an extra security step. Duo Security does it right.
    Wednesday, February 08, 2017 11:09 AM
  • Just upgraded to the 6.0.13 version and the UI changed on my Windows10 phone. The prior version had a + at the bottom of the app to add entries. Apparently there is a beta version out there for iOS and Android but I have no idea if it's available for Windows 10 Mobile. With this beta version we are "supposed" to be able to rename and resort the entries.

    All that this upgrade to 6.0.13 has done was lose the alphabetical sort order and resort instead to the order in which the entries were added to the app. This makes finding the appropriate entry more time consuming than it should be. 

    Under the hamburger entry, if I click on "Edit Accounts" every entry in the app has a red X along the left hand side of the entry. Double clicking anywhere in the rectangle prompts the user whether they want to delete the entry. I find no way of renaming the friendly name of the entry nor can I find any way of reorganizing the entries the way I want them.


    After using this application on Windows 10 Mobile for a week I grimace every time I use it. I have close to 50 entries in the app and stupid me did not put them into the app in alphabetical order. The reason is because the previous incarnation of this app on Windows 8.x mobile automatically sorted the entries as they were added.

    However in the Windows 10 mobile version this capability seems not to have been thought of at all. The result is that I have to scroll up or down the list looking for the appropriate entry. It does not help that I have multiple accounts on some services resulting in multiple entries in the app scattered throughout it.  There are a couple of entries that could do with better names than what they have but that capability was also not included.

    It is sad to see that MS has released an update for Android and iOS which allows renaming the entries and reorganizing them yet those of us who were foolish enough to have Windows 10 Mobile devices are stuck with this version of the app. Another abandonment of your user base. Well lesson learnt Microsoft. Lesson learnt.



    Friday, February 17, 2017 3:44 PM
  • I started using another iOS app, Authy. I like it better for one BIG reason. My accounts are backed and password protected. Using that app, I feel more comfortable if my phone should die an unrecoverable death because I believe all I would have to do is install that app on a new phone and provide my password to get my accounts back. If that's not the case, then the apps are pretty similar then.

    Joseph

    Thursday, March 02, 2017 4:21 PM
  • I started using another iOS app, Authy. I like it better for one BIG reason. My accounts are backed and password protected. Using that app, I feel more comfortable if my phone should die an unrecoverable death because I believe all I would have to do is install that app on a new phone and provide my password to get my accounts back. If that's not the case, then the apps are pretty similar then.

    Joseph

    Yes on iOS I too use Authy since it has a pin capability to prevent unauthorized access to the app and backs up the tokens. The issue with all of these apps is that if they do not have an app on your platform like W10M you have to recreate all the entries from scratch. If Authy had a Windows10 Mobile app I would have used that instead of MS version.  It's a lot more flexible. MS has written off Windows10 Mobile. Leaves a sour taste in my mouth.
    Thursday, March 02, 2017 5:41 PM
  • Hi Joseph, 

    Thanks for adding your feedback to this thread. We're definitely beginning to hear this message louder and clearer. Our data once showed that our app users only added, on average, 1.2 accounts. Well, that number of accounts per user is growing quickly. Obviously, losing a phone and re-navigating access to a single account isn't horrible, but losing a phone and having to get back into 10 or more accounts is another issue entirely. We get it. 

    Appreciate you chiming in here, 

    --Libby 

    Thursday, March 02, 2017 5:56 PM
  • We are using the Authenticator app with an on-prem MFA Server. So far our pilot users are pleased with the experience, thank you!

    One piece of feedback we've heard is it would be nice to see what Application or Service is requesting the second factor. Right now if our users connect to RDP or VPN they get the same pop-up. Would it be possible to surface the application name in the pop-up?

    Thursday, March 02, 2017 11:10 PM
  • We really need touchID for login screen of Authenticator App as double security. You can check OneDrive App to understand much better what I mean
    Monday, March 06, 2017 10:09 AM
  • Thanks for this feedback! We have usability data that shows most users don't actually read the notifications that closely, and/or that it leads to a higher rate of accidental denials, but as we reconcile our verification notifications across services and experiences, this is one area where we're continuing to investigate and experiment. Thanks again! 
    Wednesday, March 08, 2017 12:22 AM
  • Thanks for using the Authenticator, AkinGun! We're definitely hearing this consistently, the work is in our backlog. 
    Wednesday, March 08, 2017 12:22 AM
  • Hi, I'd like to have numbers bigger please. Thanks.
    Wednesday, March 15, 2017 11:52 AM
  • I would like to see apple watch integration (for iOS) worked in. I use MS accounts as my primary accounts and like the ability to have the two-factor authentication for added security. As I use the iPhone and Apple Watch it would be nice to be able to issue an approval from my watch without having to pick up my phone to respond to an authentication request.
    • Edited by kret1127 Wednesday, March 15, 2017 4:33 PM
    Wednesday, March 15, 2017 4:32 PM
  • I installed the MS Authenticator on my iPad simply to see when the app got updates. So far in the short time I have had it installed it has gotten two updates. Meanwhile the app on W10M has gotten 0 updates. Those of us who were foolish enough to go with W10M devices have to put up with an application that does not allow reorganization of the entries or even a simple task like renaming the entries themselves. 
    Thursday, March 16, 2017 1:59 AM
  • Why is it that you can not use what I believe is a Bridge app to convert your iOS or Android app over to the Windows10 Mobile platform? That way people on Win10M can actually use a more up to date and feature rich app like those on iOS and Android can.
    Thursday, March 23, 2017 12:17 AM
  • MS Authenticator android version 6.1.1 on Xiaomi Redmi 3S with android 6.0.1 is losing added codes when you want to add more than two accounts. It happened for me for Google, Lastpass and MS Account. I could add Facebook successfully. More detail in thread below:

    https://social.technet.microsoft.com/Forums/en-US/68d371cc-debc-4db2-9220-47ec15f673c5/ms-authenticator-loosing-codes?forum=MicrosoftAuthenticatorApp

    Rolling back to 6.0.5 fixed issue.

    Friday, March 24, 2017 12:32 PM
  • Hi all,

    I would prefer a Password or Touch ID protection to open the App.

    Cheers,
    Enrico

    Monday, March 27, 2017 8:20 AM
  • The ability to group accounts would be nice, I use Authenticator for both work and personal accounts and the screen can look busy when looking for the right account, so grouping would be a useful feature.
    Thursday, April 06, 2017 8:42 AM
  • The ability to group accounts would be nice, I use Authenticator for both work and personal accounts and the screen can look busy when looking for the right account, so grouping would be a useful feature.

    The thing is that the iOS and I think the Android versions of this app allows you to reorganize the entries by dragging them. 

    I just added another site on the W10M version of the app. It decided to stick the new addition in the middle of the list of unsorted sites. Shrugs.

    Thursday, April 06, 2017 2:27 PM
  • How about Touch ID lock screen . Instead of codes in the open
    Saturday, April 08, 2017 1:54 PM
  • I happened to notice that Lastpass Authenticator was available in the W10M store so I have installed that and set up my 30 accounts in it. I was able to rearrange the entries and rename as I desire. Will see how that works and sad to say MS Authenticator may be removed from the device. This is due to the inability to easily find the entry in question and get the rotating code. With this many sites it becomes frustrating throughout the day to scroll up and down looking for an entry and adding new sites to the app there is no rhyme or reason where the entry winds up.

    Saturday, April 08, 2017 3:26 PM
  • We are in the midst of a strong push to make our apps work with the appropriate accessibility features of their respective operating systems. If you make your text size larger or smaller using the phone settings, we will adjust our sizing accordingly. Hope you find this helpful, and if you encounter any issues, please report them back here. 
    Monday, April 10, 2017 9:24 PM
  • For what accounts? If you have push notifications enabled for your personal or work or school accounts, you should be able to approve them via your watch (unless your work or school account has a PIN required.) If this doesn't work for you, please open a thread here with more information. Thanks! 
    Monday, April 10, 2017 9:25 PM
  • Hi Frustrated999, 

    I get it - you want the Windows Phone app to be top notch. I'm a diehard Windows Phone user too (I've used Windows mobile products since my first HP Compaq handheld in 2005) and I also use the Authenticator app on my Lumia 950. 

    However, we have to prioritize our development efforts on the platforms that our customers are using, and while I'd like that to be Windows Phones, the overwhelming preponderance of evidence shows us that iOS and Android usage is magnitudes greater. 

    I appreciate your passion, and hope to one day deliver some happier news,  

    --Libby


    Monday, April 10, 2017 9:35 PM
  • Definitely on our backlog, thanks!

    Monday, April 10, 2017 9:36 PM
  • On our to-do list!
    Monday, April 10, 2017 9:36 PM
  • After opening the application, token value remains same for first 30-60 seconds. Token value remains same after 1st round of 30 seconds gets over. Token value remains previous one for another 30 seconds. This needs to be fixed and happens after reopening the app again. I am running iOS version 10.2.1 on iPhone 5s. Please fix the bug.
    Tuesday, April 11, 2017 6:03 PM
  • I use the Authenticator for my O365 access and it's really good.

    It would be nice to have the "Allow" button to be presented on the iPhone lock screen rather than having to navigate and then open the app. Even better for me would be to have the authenticator available on the Apple Watch which wakes the watch screen and presents either the code or the Allow and Deny buttons.

    EDIT: Reading other posts I see that it works with force touch on the lock screen.
    • Edited by Daverino Wednesday, April 12, 2017 5:32 AM
    Wednesday, April 12, 2017 5:29 AM
  • Hello, can you add Ubisoft, mail.ru and vk.com avatars to the app?
    Saturday, April 15, 2017 6:13 PM
  • I was going to install the Android version of Microsoft Authenticator until I saw the list of permissions required.

    Why does the app need access to my Photos, Media, Camera, Contacts etc.

    For a 'security' App to require permissions well beyond those necessary for it to perform its function and thus becoming a security risk itself is, don't you think, somewhat ironic.

    Dial back the permissions to those actually needed and I might consider installing the App.

    Wednesday, April 19, 2017 8:08 AM
  • I would be happy if Windows Phone 8.1 will get an app update, because W10M has compared to WP8.1 no market share.
    Wednesday, April 19, 2017 8:34 AM
  • Hi, I would like to report a problem with the latest update of Microsoft Authenticator v5.3.3. I use an iPhone 5S with enlarged text as I am sight impaired. The latest update means I can only see the first 5 digits and a tiny bit of the sixth, and of course none of the timer on the right of the number. So I have to guess or wait for a number that has a distinctive shape to be able to enter it successfully. I see that I can copy and paste the code elsewhere, but I don't really want to have to do this all the time. I think that if you were able to turn the app landscape it would reveal the whole code and timer again, for users who are visually impaired such as myself, thank you.
    Wednesday, April 19, 2017 8:41 AM
  • I would be happy if Windows Phone 8.1 will get an app update, because W10M has compared to WP8.1 no market share.

      I ditched MS Authenticator on W10Mobile here and went with LastPass Authenticator. I at least have a sorted list of my 30 or so sites and can quickly find the right entry. With MS Authenticator it was a pain to scroll back and forth through an unsortable list trying to spot the right entry.

    Wednesday, April 19, 2017 12:36 PM
  • Of all the hair-brained ideas Microsoft has come up with...this one is the dumbest...and I remember Microsoft Bob!  If my phone is stolen or compromised...which they tend to be...I no longer control my identity. There are viruses etc that will capture my "things" and that's it, I'm done. Using the "bump" feature on a phone can compromise my security. Anything that is stored electronically (password, biometric etc) can be, and most likely will be, compromised/stolen. Products like SafeKey are far superior and are virtually unhackable - 3-letter acronym government agencies use it as do many power plants trying to protect the grid. The Microsoft app is hackable...it's already been compromised multiple times...albeit in a controlled environment. I for one will never use this abomination of a service.
    Thursday, April 20, 2017 12:31 PM
  • I would love to test the new login method where you don't need a password anymore. But I am one of those stupid guys who have a Windows Mobile phone! :-(

    Please support your own platform too. Microsoft can't say it enough how simple it is to develop mobile apps for iOS, Android and Windows Mobile - so do it at least by yourself!

    Thursday, April 20, 2017 2:12 PM
  • Hi Libby,

    I am really glad that signing in has become so easy and secure. Congratulations to all the team for your great effort and creativity.

    My only concern and query is that is it possible for me to still use one authenticator app in my mobile to allow me to sign in to multiple Microsoft accounts.

    Would be glad to know if this is possible and if it is not will it be possible for multiple account holders to sign in to their accounts with one mobile phone??

    Regards,

    archusubu

    Thursday, April 20, 2017 2:34 PM
  • Just installed Authenticator on Android. Reinforce the other thread that there is no "enable phone sign-in" drop down on your account name. Understand from the Authenticator FAQ that this is enabled automatically as I had just set up the app but a bit confusing, particularly as I use two-factor auth with the MS Account app so wasn't 100% clear that I didn't need to enable it. Also some confusion from articles on the release on whether I could use it to unlock my PC - which I understand now you can't.

    I understand the difference between the two methods of supporting two-factor auth and the benefit of ditching the password. However I do find using the MS Account method more convenient as I only have to touch approve on my phone to confirm sign-in. With the Authenticator app there are several presses required in addition to the biometric / pin. Not sure where steps can be removed but would be great if you could select the number from the notification and don't see the need for the approve button if you have touched the number to confirm it. Additionally while less secure will like to see an option to rely upon the phone being unlocked and not requiring a biometric / pin for the confirmation. My phone is always locked so I have to unlock the phone with fingerprint to then have to provide the fingerprint again for Authenticator.

    And finally to net out overall feedback from a consumer perspective, I don't see my wife using this. While I've used two-factor auth on my accounts for some time even the overhead of the MS Account model is a bit too complicated and this implementation has even more overhead from a user experience point of view. 

    Thursday, April 20, 2017 4:17 PM
  • When it's convenient, it lacks security.


    • Edited by wgmann03 Thursday, April 20, 2017 4:59 PM
    Thursday, April 20, 2017 4:58 PM
  • When configuring an account for phone sign in I ran into the following situation which seems to lower the security of the account.

    If you choose login using password and enter the correct password the login proceeds and does not require the pin for 2FA which is setup on the account. Although approve/deny is sent to the phone a deny will not logout the account. 


    Although I agree this only happens on a machine that you told to use phone sign in there is no option to trust that PC. I see users doing this in multi-user settings and not realizing the consequences. 
    • Edited by jdolina Friday, April 21, 2017 1:03 PM
    Friday, April 21, 2017 12:29 PM
  • On an account that was setup after choosing approve (android) I received another screen which had the mailbox name the geographic location and a blue line with a cursor. The keyboard also popped up. It was not clear what was to be entered on this screen which was a fingerprint which I used  or I am assuming the line was for the phone password.
    Friday, April 21, 2017 1:08 PM
  • When I use the code generator, I can only see the first 4 or 5 numbers. The rest are on the right side and covered. Can you please help me with this ???
    Friday, April 21, 2017 4:50 PM
  • I concur. This project is, effectively, trying to play catch-up with old (existing) technology, and is not innovative. The trend in the digital identity space is self-sovereign identity using asymmetric cryptography (public/private keys). Controlled by the user, respecting all the principles of privacy, but also looking at decentralized risk to avoid honeypot data. Then there is the application of well understood security principles to avoid well known attack vectors such as malware and network hacking. The only logical solution is to a) secure private keys offline, and b) ensure any interaction with private keys - digital signatures/authentication, and decryption - is performed in an air-gapped environment. We have launched a pilot with a Swiss solution that offers a card-sized device that gives us that. Perhaps not yet ready in terms of cost for wholesale use, but certainly worthwhile for high-value administrators of systems.
    Saturday, April 22, 2017 5:54 AM
  • I am assuming there are plans to make the 'phone sign-in' feature available for Microsoft business accounts.  Is there any information on likely timing for this becoming available?
    Tuesday, April 25, 2017 2:40 AM
  • Yes, there are plans, however, there is no publicly available timeline at this point. Thanks for your interest! 

    -Libby

    Tuesday, April 25, 2017 5:30 PM
  • In our push to make the app more compatible with many modern accessibility requirements, we enabled the text sizing functionality of the phone to impact the text size within the app. We are working on the bug to make sure all the numbers appear, or the user can scroll to get the rest of the number. In the meantime, you can use "copy code" to get the full number, and/or reduce the text size via your phone's Settings.  

    Sorry for the inconvenience!

    --Libby

    Tuesday, April 25, 2017 5:32 PM
  • That, unfortunately, is a mechanism of the Android phone OS, and not terribly customizable. I'll review with devs to see if we can add/update any text.

    Thanks for the feedback! 

    --Libby

    Tuesday, April 25, 2017 5:34 PM
  • Hi Steve, 

    Thanks for your thoughtful feedback. The areas we really feel the phone sign-in shine are around not needing to enter your password on untrusted devices (e.g. public kiosks or over public wifi), on a form factor where typing a complex password is less than ideal (e.g., phones), or instead of needing a second device to complete a two-step verification challenge (not on a trusted device.)  

    As for the flow of when to enter your touchID and how often, we've done what we can to make it as smooth as possible while still being secure. You're right, it's a little bit of a dance, but I can tell you after having used it for the past 6 months, it becomes very familiar quickly. 

    Would love to hear how you think the account security experience could be changed so that users like your wife might be more willing to try it. 

    Thanks, 

    --Libby

    Tuesday, April 25, 2017 5:39 PM
  • Hi Archusubu, 

    Thanks for your nice feedback. 

    I believe you're asking, if you have multiple personal Microsoft accounts, can you add them all to the phone? Yes, you can. (That said, we encourage only one account per person. :) ) 

    Cheers, 

    --Libby

    Tuesday, April 25, 2017 5:40 PM
  • Thanks for the good conversation here -- 

    What "enabling phone sign-in" does (high-level) is create a private key within the phone's encrypted storage. We then register the public key back to the Microsoft account service, tied to both the device, and the user account. When you attempt a login, the service talks with the phone, you unlock the private key with your biometric gesture, the service confirms with the public key, and access is then granted.  If you reset your device gesture/passcode, the private key is wiped out. 

    Hope this helps allay any concerns, and would welcome any additional questions, 

    Thanks, 

    --Libby

    Tuesday, April 25, 2017 5:45 PM
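
The enrollment and sign-in exchange described in the reply above, as an added sketch that is not part of the thread and not Microsoft's implementation. The ECDSA P-256 key type, the `Device` and `AccountService` classes, their method names and the in-memory maps are all assumptions made for illustration; a real phone would keep the private key in hardware-backed storage.

```javascript
// Added illustration, not Microsoft's code. All class and method names are
// hypothetical, and the key type (ECDSA P-256) is an assumption.
const crypto = require('crypto');

class Device {
  constructor(deviceId) {
    this.deviceId = deviceId;
    this.privateKey = null; // stands in for the phone's encrypted key storage
  }

  // "Enabling phone sign-in": generate a key pair, keep the private half on
  // the device and return only the public half for registration.
  enablePhoneSignIn() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
      namedCurve: 'prime256v1',
    });
    this.privateKey = privateKey;
    return publicKey.export({ type: 'spki', format: 'pem' });
  }

  // The private key signs a challenge only after the biometric/PIN gesture.
  approve(challenge, gestureVerified) {
    if (!gestureVerified || this.privateKey === null) return null;
    return crypto.sign('sha256', challenge, this.privateKey);
  }

  // Resetting the device gesture/passcode wipes the private key.
  resetGesture() {
    this.privateKey = null;
  }
}

class AccountService {
  constructor() {
    this.publicKeys = new Map(); // "account|deviceId" -> public key (PEM)
    this.pending = new Map();    // "account|deviceId" -> outstanding challenge
  }

  // The public key is tied to both the user account and the device.
  register(account, deviceId, publicKeyPem) {
    this.publicKeys.set(`${account}|${deviceId}`, publicKeyPem);
  }

  // Each login attempt gets a fresh random challenge.
  startLogin(account, deviceId) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(`${account}|${deviceId}`, challenge);
    return challenge;
  }

  // Verify the device's signature over the outstanding challenge.
  finishLogin(account, deviceId, signature) {
    const id = `${account}|${deviceId}`;
    const challenge = this.pending.get(id);
    this.pending.delete(id); // a challenge is valid for one attempt only
    const publicKey = this.publicKeys.get(id);
    if (!challenge || !publicKey || !signature) return false;
    return crypto.verify('sha256', challenge, publicKey, signature);
  }
}

// Runs the normal flow plus four cases that must be rejected.
function runScenarios() {
  const account = 'user@example.com'; // constructed sample value
  const service = new AccountService();
  const phone = new Device('phone-1');
  service.register(account, phone.deviceId, phone.enablePhoneSignIn());
  const results = {};

  let challenge = service.startLogin(account, phone.deviceId);
  const goodSignature = phone.approve(challenge, true);
  results.approved = service.finishLogin(account, phone.deviceId, goodSignature);

  // An old signature does not match a new challenge.
  service.startLogin(account, phone.deviceId);
  results.replayed = service.finishLogin(account, phone.deviceId, goodSignature);

  // Without the unlock gesture the device produces no signature.
  challenge = service.startLogin(account, phone.deviceId);
  results.noGesture = service.finishLogin(
    account, phone.deviceId, phone.approve(challenge, false));

  // A different device's key does not match the registered public key.
  const otherPhone = new Device('phone-2');
  otherPhone.enablePhoneSignIn();
  challenge = service.startLogin(account, phone.deviceId);
  results.wrongDevice = service.finishLogin(
    account, phone.deviceId, otherPhone.approve(challenge, true));

  // After a gesture/passcode reset the key is gone until re-enrollment.
  phone.resetGesture();
  challenge = service.startLogin(account, phone.deviceId);
  results.afterReset = service.finishLogin(
    account, phone.deviceId, phone.approve(challenge, true));

  return results;
}

console.log(runScenarios());
```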
  • Hi EQWeb, 

    Your bug has been filed. (And I like your suggestion about landscape rotation as a possible solution.) Thanks for reporting, and sorry for the hassle. I'll try and remember to respond back here when we have the fix shipped.

    Thanks,

    --Libby 

    Tuesday, April 25, 2017 5:47 PM
  • The app needs to have its GUI redesigned. On my iPhone 5, the email address extensions are cut off. Example: myaccount@hotmai Since I have several accounts with the same name, the extensions are very important. Thx
    Wednesday, May 10, 2017 1:53 PM
  • Hi Steve, 

    It's a daunting list, isn't it? Most of that is due to the way Android operating system handles things like storage of data (Contacts), etc. We have a list of what is requested and why, at our FAQ page -- shortcut is available here: http://aka.ms/authappfaq. 

    Thanks, hope you reconsider trying Microsoft Authenticator! 

    --Libby

    Wednesday, May 10, 2017 5:57 PM
  • Hi Bandit0123, 

    Our next release should fix many of those text resize issues, particularly on smaller screens like the iPhone 5. Stay tuned. In the meantime, have you tried using Edit Account and then renaming the top Account identifier? It might help you differentiate.

    Thanks,

    --Libby 

    Wednesday, May 10, 2017 6:00 PM
  • Just found what seems a serious bug. Use MSFT Authenticator on my 950XL. Only uses it for a few things, Microsoft Account, LastPass and Rackspace administrator login.

    I have it installed on two phones:

    the 950XL OS build 10.0.15063.297

    Lumia 930 OS build 10.0.15063.138

    The 950 had all 3 accounts on it. The 930 only had Microsoft and Rackspace. They seemed in sync and everything worked.

    Both show v. 6.0.17

    Today tried to log on to Rackspace using Authenticator on the 950XL. It kept telling me the code was wrong. So pulled out the 930 and it worked fine. Removed the 2 factor from the account and reenabled several times. In each case, the app read the QR code on each phone, but produced different codes. The app on the 930 continued to work, but that on the 950 did not.

    Was going to remove and reinstall the app on the 950 to see if that mattered, but figured I'd offer to perform some diagnostics if you wanted first.

    Let me know.


    • Edited by MRGuid Tuesday, May 16, 2017 8:17 PM
    Tuesday, May 16, 2017 8:17 PM
  • Libby,

    I’d appreciate some guidance.

    Change process – upgrade to new phone – I know that the accounts aren’t restored – so my current strategy is to use a second authentication app which allows export/import (does not work with Azure since only MS Auth works there) but I have 17 accounts and growing.

    1. Will it work (have not tried this) – if you’ve saved a copy of the ORIGINAL QR code you used to provision the Microsoft (consumer) account, can you just scan a print out/screen capture of that original image to add your account back to the MS Auth app? If yes, does it work for Azure as well as the  consumer side? Are there any risks to this? Or should I use (on the consumer side) add another Authentication App (but actually use MS Auth on the new phone to set up the account)? Clearly using the original QR code is easier. Or is there something in the logic that, once you've "provisioned" the official MS Auth app, you can't set it up a second time. My goal is to NOT have to log in to proofs and mess with any of this since I have saved QR codes, etc.

    2. Starting to see 8 digit codes for Microsoft accounts instead of 6. Interesting - is there a reason for this?)

    3. Please add my vote for backup and restore of accounts to make setting up a new phone easier. Encrypt and back up to OneDrive?

    Clearly (from experience) I can use more than one authentication app (except for Azure based accounts). I'd saved all my QR codes and Secret Keys - if there was a backup and restore for MS Authenticator, I wouldn't need a second app.


    -- Barb Bowman

    Thursday, May 18, 2017 4:19 PM
  • Just updating this despite lack of response. The Authenticator app on my 930 build 15063.297 still works fine on Rackspace but Authenticator app gives different codes and thereby doesn't work on either my 950XL and my 640 despite them being all on the same build number
    Friday, May 26, 2017 6:29 PM
  • Please, add sync, migration or export/import for the Microsoft Authenticator app.

    I have Lumia 930 with the Microsoft Authenticator installed and a lot of accounts added. Now I have an iPhone also and I have installed Microsoft Authenticator on it. I was able only to add my Microsoft account to the iPhone's Authenticator using my Microsoft login/password. How do I export or sync all accounts from Lumia's Authenticator?

    I have got an answer here on the forum it is impossible because of security reasons. This is total bullshit. This is totally frustrating — now I have to recreate all accounts manually somehow...

    Tuesday, June 27, 2017 12:10 PM
  • Hi Arthur, 

    Thanks for your question -- indeed, some of the credentials we are creating in the app are specifically tied to the device itself, and stored within the secure storage of the device, even if we were to export and save to an external location for backup & restore, they would no longer work. 

    We are looking into a better story around backup & restore, but initial efforts would not be 'cross-platform,' so that still would not assist you in your move from Lumia to iPhone. You should be able to still use your Lumia as a code generator, to assist you in accessing your 3rd party accounts to re-add them in iOS (though as a user of the app on all three platforms, I understand this is less than ideal.) 

    Thanks for being a Microsoft Authenticator user, and for your feedback! 

    --Libby

    Tuesday, June 27, 2017 5:17 PM
  • Just wanting to reiterate again, that while push notifications can be approved above the lock screen we cannot use it.

    I have been informed this change was by design but our security team has once again rejected the Microsoft Authenticator app as you can approve the push notification above the lock screen. Previously you had to unlock the device to be able to approve the 2FA request. We will continue to use Duo Security until this is changed back to the way it was.

    I understand it is now by design, although it used to require unlock previously.

    Just providing feedback that it will never be allowed at our company until you at least give us the option to require phone unlock to approve the push - Intune app configuration policy *hint* *hint*.

    • Edited by TrentQueen Monday, July 17, 2017 11:03 AM
    Monday, July 17, 2017 11:01 AM
  • Hi Libby,

    Just wanted to see if additional layers of protection are still in the pipeline, and if there's a potential release date? We really need the functionality -- like TrentQueen's comment from a few days ago, my organization's security team is also rejecting use of the app because of the ability to approve from the lock screen. 

    Thanks!

    Friday, July 21, 2017 6:27 PM
  • I use iOS for Work/School accounts.

    I too would like to see lock screen approval require unlocking like Duo does. This isn't an audit requirement on my end (at least not yet), so I'd be happy with a settings toggle in the app.

    I realize it's in the FAQ and I realize it's still a thing you know + a thing you have but if you require unlocking it's more secure without being that much more inconvenient with a finger print scan or the like. Then it's a thing you know + a thing you have + a thing you are (biometric), or a second thing you know (pass code / password for the device).

    Thanks!

    Friday, July 21, 2017 10:15 PM
  • Greetings!

    First off, love the Microsoft Authenticator app and we're using it globally for MFA.

    However, in China our users do not have access to the Google Play Store.  How can the Microsoft Authenticator App be installed on Android devices without using the Google Play Store?

    Thanks!

    Tristan

    Tuesday, August 08, 2017 9:23 PM
  • I hear your request, and you are not the only one requesting such features. I can't provide any dates, but rest assured it's on our work list. 

    If your organization runs the MFA server on-premise (as opposed to Azure MFA), you can require an MFA PIN, which would then force a user to unlock the iPhone to enter (and then we allow TouchID to serve in place of the PIN). This PIN functionality for Azure MFA is on the backlog for the MFA team as well.

    Thanks for your continued interest, 

    -Libby

    Monday, August 14, 2017 10:27 PM
  • The issue with "require app/phone unlock" being a setting in the app is, it would be a user-chosen setting. In order to make it an IT-admin controlled setting would require us to actually have the user "Log In" to the app itself (something we've avoided doing to date) so the app would know which policy to apply. We are investigating the use of Mobile Application Management as a possible way to mitigate that. 

    Thanks, DougBB, for your feedback, 

    --Libby

    Monday, August 14, 2017 10:32 PM
  • Tristan, great timing, we're having several meetings on this topic this month! Which Android store(s) would you prefer to be supported?

    We would probably target a subset of the list here: https://support.microsoft.com/en-us/help/3211588/limitations-of-intune-company-portal-app-for-android-in-china 

    Thanks! 

    --Libby

    Monday, August 14, 2017 10:34 PM
  • I would add an extra interaction to the approval of any Authenticator request. When the notification pops up, just using a fingerprint results in an approved response. This can easily lead to a mistake where a user placed their thumb on the home button to exit or rest, and accidentally approved an unwarranted request. A yes/no on the pop up notification before the fingerprint prompt would be more secure.
    Monday, August 21, 2017 11:32 PM
  • Hi Libby,

    Thanks for the reply, and I'm very glad to hear this is under discussion.  From our perspective, support for the Wandoujia store would be preferred, as it's a third-party app market and available on most brands of Android phones.  Please let us know when we might be able to expect this, as it is currently holding up our deployment of Azure MFA globally.

    Thanks!

    Tristan

    Monday, August 28, 2017 1:28 PM
  • Any updates here, good, bad or otherwise, on the availability of the MS Authenticator app in Wandoujia (or other non-Google app stores)?

    Thanks,

    Tristan

    Monday, October 02, 2017 10:40 PM
  • Hi,

    I've written it in my review in PlayStore, I've contacted Microsoft support team and asked them to make you aware of that, but no luck! I have a Samsung Galaxy S8+ and it works flawlessly with AuthenticatorApp (except for sometimes not showing the notifications automatically and making me manually check for them, but not a big deal!). The only problem I have is when you try to set up phone sign-in inside Samsung Knox's "Secure Folder" it asks you to set a screen lock (PIN, pattern or fingerprint). It doesn't matter if you set up all of them, it still asks for it. I know it may have something to do with Secure Folder's security architecture, but I believe in partnership with Samsung (like all the Microsoft apps they gave me pre-installed and I'm unable to remove... LOL) you can easily make it work inside SecureFolder. And BTW, I really have no idea what the check box "Sign out of all Microsoft apps using example@outlook.com" (that shows up upon the removal of an account) does, because it does not log me out of any web session, nor deactivates AppPasswords, nor logs out of Outlook nor OneDrive!

    Thank you so much! Looking forward to your answer.

    Wednesday, October 04, 2017 12:33 AM

  • Libby,

    It doesn't seem to work these days.  Used to have no problem w/ it, at all.  Now, put in the code offered & after just the one first entry, says "too many wrong tries, come back later". Ergo, have to use an alternative route which makes having Authenticator pointless, obviously.  Not to mention it's baffling why it says it's incorrect, anyway.

    Cheers,
    Drew

    Drew - IT Pro / MS Partner/Partner Company / Windows Insider / Owner - Computer Issues

    Wednesday, October 04, 2017 12:58 AM
  • Hi Libby and team,

    We're in the process of deploying Azure AD MFA along with the Microsoft Authenticator to avoid having to bring in another third-party MFA solution.

    Thus far, here are the positives and development opportunities we've noticed with the app:

    Positives:

    iOS: ability to respond to notifications on WatchOS is on par with competing solutions.

    iOS/Android: ability to single tap a response to notifications is on par with competing solutions.

    iOS/Android: ability to add MFA for additional personal services is nice and a boon to employees who want to improve the security of their accounts.

    Development opportunities:

    Android in China: due to the Google Play store being unreachable, it is difficult to install the Authenticator app and keep it up-to-date automatically. Please publish it to some of the mainstream app stores in China or help us understand why this is not a good idea.

    Android/iOS: It would be helpful if there were context displayed when prompting for verification. Geography, app name, device name, basically anything that helps the user understand what they are being asked to approve. I realize that 95% of the time I'm with the app that's causing the verification, but I've been away from my desk when Skype for Business decides I need to re-auth and I received a notification with no clue about what it was for - I denied it and figured it out when I was back, but typical users may not think twice about approving the odd auth request - which is exactly what we don't want.

    iOS (and Android if biometrics are reliable): use TouchID/FaceID to approve a request when the device is locked. It's an edge case, but if the phone is in the wrong hands and they are able to use the ID/Password, then it is trivial to provide the second factor.


    David

    Friday, October 13, 2017 2:53 PM
  • What is the current status on having a solution for recovering account data?

    Perhaps consider allowing the end-user to have absolute control over maintaining the data.

    A temporary solution would be to display in big bold letters on the QR code capture screen to save this data because it is the last time you'll ever see it.

    In the meantime, I'm going to take steps to disable all 2FA authentications because I lose control over maintaining the data. If the upcoming fix doesn't include absolute control of my data, then I won't be using the new solution either.

    Sunday, October 15, 2017 5:49 PM
  • Greetings!

    First off, love the Microsoft Authenticator app and we're using it globally for MFA.

    However, in China our users do not have access to the Google Play Store.  How can the Microsoft Authenticator App be installed on Android devices without using the Google Play Store?

    Thanks!

    Tristan

    I have faced the same issue. We can install the MS Authenticator app from a local Chinese Android market, but got an error when launching it. The error message said the Google Play Service does not exist or is not supported on your device (something like that). It happened on Android phones which have a China-modified ROM that does not have any Google services installed (including Google Play), even Samsung brand phones.

    Can Microsoft have a special version of Authenticator which can run inside China (to fit their law)?

    Wah 

    Monday, October 16, 2017 3:08 AM
  • You must be joking... On Android, with the phone locked, you can swipe down the notification and click on the Approve button to approve a login. WITH THE PHONE LOCKED!

    Are you fucking serious?


    Blog: http://www.kodel.com.br

    Please mark as Answer if I helped you ;-)

    Thursday, October 19, 2017 12:05 AM
  • Hello, I love the app overall but would definitely like to see the following:

    • A means of backing up accounts in the event of a replaced phone - it's incredibly time consuming to re-add all these accounts back into the app.
    • Touch ID and/or PIN security for launching the Authenticator App.
    • A way to add custom icons for the accounts so that they can be easily distinguished in the list. I think having the icon default to whatever icon has been added to the Microsoft Account is fine but we should be able to override that with a custom icon as well as be able to add custom icons to non-Microsoft accounts.
    • More explanation around what the small "phone & key" icon next to some accounts means. I have started a separate thread asking what that means but in looking through the support documentation there's no mention of it. 

    Thanks!

    Thursday, October 19, 2017 2:11 AM
  • I have two systems that generate the same “user@service” identifier, but they need different MFA codes. MS Authenticator does not let me add them. When I try to add the second account it overwrites the first account instead :( luckily I was able to restore my account access, but this is really not cool!
    Friday, October 20, 2017 6:17 PM
  • Hi, my feedback is:

    Taking away the ability to approve authentication requests via the Apple Watch is bad! Please bring that back! I understand that this was probably removed due to security requests, but at least put a setting in there so I can choose to use it if I want. It was the best feature!

    Wednesday, October 25, 2017 2:59 AM
  • An Apple Watch app that allowed you to approve the sign in requests would be most welcome (like Duo has). One that ran over the LTE without having a phone present would be even better.
    Sunday, October 29, 2017 9:28 AM
  • I really like the app and it works tons better than the golf eauthenticator app. One thing I would like to see added though is the ability to create app passwords straight from the app.
    Sunday, October 29, 2017 5:27 PM
  • Do we have any estimated timeline on getting either pin plus for cloud based MFA or the administrative control to require device unlock pin before approval of MFA notification?  Our security team has severe reservations about using the push notices when they are viewable and acknowledgeable underneath the lock screen.
    Monday, October 30, 2017 1:24 PM
  • No ability to export or back up data?  Are you kidding me?  Do you think a smartphone lasts forever, never getting replaced?  

    This makes this product unusable.  What am I supposed to do when (not if) I wipe or replace my phone?

    I need the secret codes/KeyURI strings for all my accounts for 1) backup, and 2) for using them on my desktop authenticator application.  How do I get them?

    Saturday, November 11, 2017 6:26 AM
  • Dear Libby, I am currently in Japan and do not have access to a computer. Due to the recent upgrade of iOS on my iPhone I had to log into the Authenticator app again and add my private Microsoft account. Although I have an iPad here as well I can find no way to add my account again without verifying it with the Authenticator app which I cannot receive a code on until I can log in. What I need is some way to access my security settings to turn off 2FA. I have a Gmail address listed for recovery but cannot receive an SMS because my phone number does not work in Japan even with roaming enabled. If I could choose my Gmail account to receive the code then I could set up Authenticator but this is not working for some reason. I know my secret questions and have access to my Microsoft email account, surely there is some way I can do this. Please help. Rod Sprague
    Sunday, November 12, 2017 11:41 PM
  • Hi Libby,

    No doubt you get this question a lot.  In fact, a few weeks back, I asked it at https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to and so far, no valid response.

    In short, I use MSFT authenticator for all 2-factor MFA needs.  Currently, I have 37 registered codes.

    The question is, now that I have a new phone, what is the best way to transfer everything to the new phone?  iCloud has done all the apps, pictures, messages, mail and more, but authenticator gets stuck and forgets all its information.

    Is there a way to scan a barcode, biometrically acknowledge, or some other trusted way to say "I am moving over here...send my authenticator setup to this device"?

    Would love to hear if it's possible, and yes, delete one by one and re-register, but this also means deprovisioning some websites, some software, some access, so it's a multi-day journey.

    Is there a straightforward way to transfer authenticator settings to my shiny new phone?

    Friday, November 17, 2017 8:07 PM
  • Hi, I don't know if this is still active but I was wondering if you have ever had a request put in for the authenticator app to authenticate desktop and remote desktop sessions. The SaaSPass app does it already and it's free for consumers. However it is not native and it means another app. It has several login methods... QR code login, Push Login, Computer Login Code, Remote lock and Remote unlock. I personally think it is honestly one of the best apps however it is not Microsoft. You have already brought authenticator into the Azure online services and through app sign-in. Why not complete it with Desktop session authentication?
    6 hours 58 minutes ago