none
Give Us Your Feedback!

    General discussion

  • Hi folks, I'm one of the program managers for the Microsoft Authenticator - we'd love to hear from you about your use of the app, what you like about it, what features you'd like to see, what really bugs you, what you think our competitors do better, etc.

    If you can be specific about what platform you primarily use (Android, iOS, or Windows Mobile), and what types of accounts you use (personal, work or school, or third party), that's very helpful to put your feedback in context as well.

    Thanks for using Microsoft Authenticator, and for taking the time to help us make it better!

    Cheers,

    --Libby

     
    Thursday, January 26, 2017 12:20 AM

All replies

  • In a recent version of Authenticator for iOS, the MFA "Approve" quick action (accessible from a lock screen notification) was changed to not force the user to enter a passcode or use Touch ID. Please update the app to prevent anyone from approving an MFA challenge without authenticating first.

    https://developer.apple.com/reference/usernotifications/unnotificationactionoptions/1648196-authenticationrequired 
    Thursday, January 26, 2017 2:20 PM
  • Hi Dee ess, 

    Great feedback, and we've been hearing a lot of it.  We took a change in September, to bring Work or School authentication approvals in line with personal account approvals, across all our platforms.  Previously, for everything except "work or school (AAD) accounts on iOS," you could approve above a locked screen. 

    From a multi-factor authentication perspective, the security is present -- you are proving the thing you know (password) and the thing you have (phone). But, we are taking a fresh look at letting customers add additional layers of protection, such as requiring device unlock for notification approval, and app lock capabilities, to protect OTP codes. Stay tuned! 

    Cheers,

    --Libby

    Thursday, January 26, 2017 10:16 PM
  • My opinion is that you should not be able to approve from above the locked screen, you should have to unlock as an extra security step. Duo Security does it right.
    Wednesday, February 08, 2017 11:09 AM
  • Just upgraded to the 6.0.13 version and the UI changed on my Windows10 phone. The prior version had a + at the bottom of the app to add entires. Apparently there is a beta version out there for iOS and Android but I have no idea if its available for Windows 10 Mobile. With this beta version we are "suppose" to be able to rename and resort the entries.

    All that this upgrade to 6.0.13 has done was loose the alphabetical sort order and resort instead to the order in which the entries were added to the app. This makes find the appropriate more time consuming that it should be. 

    Under the hamburger entry, if I click on "Edit Accounts" every entry in the app has a red X along the left hand side of the entry. Double clicking anywhere in the rectangle prompts the user whether they want to delete the entry. I find no way of renaming the friendly name of the entry nor can I find any way of reorganizing the entries the way I want them.


    After using this application on Windows 10 Mobile for a week I grimace every time I use it. I have close to 50 entries in the app and stupid me did not put them into the app in alphabetical order. The reason is because the previous incantation of this app on Windows 8.x mobile automatically sorted the entries as they were added.

    However in the Windows 10 mobile version this capability seem not to have been thought of at all. The result is that I have to scroll up or down the list looking for the appropriate entry. It does not help that I have multiple accounts on some services resulting in multiple entries in the app scattered through out it.  There are a couple of entries who could do with better names than what they have but that capability was also not included.

    It is sad to see that MS has released an update for Android and iOS which allows renaming the entries and reorganizing them yet those of us who were foolish enough to have Windows 10 Mobile devices are stuck with this version of the app. Another abandonment of your user base. Well lesson learnt Microsoft. Lesson learnt.



    Friday, February 17, 2017 3:44 PM
  • I started using another iOS app, Authy. I like it better for one BIG reason. My accounts are backed and password protected. Using that app, I feel more comfortable if my phone should die an unrecoverable death because I believe all I would have to do is install that app on a new phone and provide my password to get my accounts back. If that's not the case, then the apps are pretty similar then.

    Joseph

    Thursday, March 02, 2017 4:21 PM
  • I started using another iOS app, Authy. I like it better for one BIG reason. My accounts are backed and password protected. Using that app, I feel more comfortable if my phone should die an unrecoverable death because I believe all I would have to do is install that app on a new phone and provide my password to get my accounts back. If that's not the case, then the apps are pretty similar then.

    Joseph

    Yes on iOS I too use Authy since it has a pin capability to prevent unauthorized access to the app and backs up the tokens. The issue w all of these apps is that if they do not have an app on you platform like W10M you have to recreate all the entries from scratch. If Authy had a Windows10 Mobile app I would of used that in stead of MS version.  Its a lot more flexible. MS has written off Windows10 Mobile. Leaves a sour taste in my mouth.
    Thursday, March 02, 2017 5:41 PM
  • Hi Joseph, 

    Thanks for adding your feedback to this thread. We're definitely beginning to hear this message louder and clearer. Our data once showed that our app users only added, on average, 1.2 accounts. Well, that number of accounts per user is growing quickly. Obviously, losing a phone and re-navigating access to a single account isn't horrible, but losing a phone and having to get back into 10 or more accounts is another issue entirely. We get it. 

    Appreciate you chiming in here, 

    --Libby 

    Thursday, March 02, 2017 5:56 PM
  • We are using the Authenticator app with an on-prem MFA Server. So far our pilot users are pleased with the experience, thank you!

    One piece of feedback we've heard is it would be nice to see what Application or Service is requesting the second factor. Right now if our users connect to RDP or VPN they get the same pop-up. Would it be possible to surface the application name in the pop-up?

    Thursday, March 02, 2017 11:10 PM
  • We really need touchID for login screen of Autheticator App as double security. You can check OneDrive App to understand much better what I mean
    Monday, March 06, 2017 10:09 AM
  • Thanks for this feedback! We have usability data that shows most users don't actually read the notifications that closely, and/or that it leads to a higher rate of accidental denials, but as we reconcile our verification notifications across services and experiences, this is one area where we're continuing to investigate and experiment. Thanks again! 
    Wednesday, March 08, 2017 12:22 AM
  • Thanks for using the Authenticator, AkinGun! We're definitely hearing this consistently, the work is in our backlog. 
    Wednesday, March 08, 2017 12:22 AM
  • Hi, I'd like to have numbers bigger please. Thanks.
    Wednesday, March 15, 2017 11:52 AM
  • I would like to see apple watch integration (for iOS) worked in. I use MS accounts as my primary accounts and like the ability to have the two-factor authentication for added security. As I use the iPhone and Apple Watch it would be nice to be able to issue an approval from my watch without having to pick up my phone to respond to an authentication request.
    • Edited by kret1127 Wednesday, March 15, 2017 4:33 PM
    Wednesday, March 15, 2017 4:32 PM
  • I installed the MS Authenticator on my iPad simply to see when the app got updates. So far in the short time I have had it installed it has gotten two updates. Meanwhile the app on W10M has gotten 0 updates. Those of us who were foolish enough to go with W10M devices have to put up with an application that does not allow reorganization of the entries or even a simple task like renaming the entries themselves. 
    Thursday, March 16, 2017 1:59 AM
  • Why is it that you can not use what I believe is a Bridge app to convert your iOS or Android app over to the Windows10 Mobile platform? That way people on Win10M can actually use a more up to date and feature rich aoo like those on iOS and Android can.
    Thursday, March 23, 2017 12:17 AM
  • MS Authenticator android version 6.1.1 on Xiaomi Redmi 3S with android 6.0.1 is loosing added codes when you want to add more than two accounts. It happend for me for Google, Lastpass and MS Account. I could add Facebook successfully. More detail in thread below:

    https://social.technet.microsoft.com/Forums/en-US/68d371cc-debc-4db2-9220-47ec15f673c5/ms-authenticator-loosing-codes?forum=MicrosoftAuthenticatorApp

    Rolling back to 6.0.5 fixed issue.

    Friday, March 24, 2017 12:32 PM
  • Hi all,

    I would prefer a Password or Touch ID protection to open the App.

    Cheers,
    Enrico

    Monday, March 27, 2017 8:20 AM
  • The ability to group accounts would be nice, I use Authenticator for both work and personal accounts and the screen can look busy when looking for the right account, so grouping would be a useful feature.
    Thursday, April 06, 2017 8:42 AM
  • The ability to group accounts would be nice, I use Authenticator for both work and personal accounts and the screen can look busy when looking for the right account, so grouping would be a useful feature.

    The thing is that the iOS and I think the Android versions of this app allows you to reorganize the entries by dragging them. 

    I just added another site on the W10M version of the app. It decided to stick the new addition in the middle of the list of unsorted sites. Shrugs.

    Thursday, April 06, 2017 2:27 PM
  • How about Touch ID lock screen . Instead of codes in the open
    Saturday, April 08, 2017 1:54 PM
  • I happened to notice that Lastpass Authenticator was available in the W10M store so I have installed that and set up my 30 accounts in it. I was able to re arrange the entries and rename as I desire. Will see how that works and sad to say MS Authenticator may be removed from the device. This is do to the inability to easily find the entry in question and get the rotating code. With this many sites it becomes frustrating over through out the day to scroll up and down looking for a entry and adding new sites to the app there is no rhyme or reason where the entry winds up.

    Saturday, April 08, 2017 3:26 PM
  • We are in the midst of a strong push to make our apps work with the appropriate accessibility features of their respective operating systems. If you make your text size larger or smaller using the phone settings, we will adjust our sizing accordingly. Hope you find this helpful, and if you encounter any issues, please report them back here. 
    Monday, April 10, 2017 9:24 PM
  • For what accounts? If you have push notifications enabled for your personal or work or school accounts, you should be able to approve them via your watch (unless your work or school account has a PIN required.) If this doesn't work for you, please open a thread here with more information. Thanks! 
    Monday, April 10, 2017 9:25 PM
  • Hi Frustrated999, 

    I get it - you want the Windows Phone app to be top notch. I'm a diehard Windows Phone user too (I've used Windows mobile products since my first HP Compaq handheld in 2005) and I also use the Authenticator app on my Lumia 950. 

    However, we have to prioritize our development efforts on the platforms that our customers are using, and while I'd like that to be Windows Phones, the overwhelming preponderance of evidence shows us that iOS and Android usage is magnitudes greater. 

    I appreciate your passion, and hope to one day deliver some happier news,  

    --Libby


    Monday, April 10, 2017 9:35 PM
  • Definitely on our backlog, thanks!

    Monday, April 10, 2017 9:36 PM
  • On our to-do list!
    Monday, April 10, 2017 9:36 PM
  • After opening the application, token value remains same for first 30-60 seconds. Token value remains same after 1st round of 30 seconds gets over. Token value remains previous one for another 30 seconds. This needs to be fixed and happens after reopening the app again. I am running iOS version 10.2.1 on iphone 5s. Please fix the bug.
    Tuesday, April 11, 2017 6:03 PM
  • I use the Authenticator for my O365 access and it's really good.

    It would be nice to have the "Allow" button to be presented on the iPhone lock screen rather than having to navigate and then open the app. Even better for me would be to have the authenticator available on the Apple Watch which wakes the watch screen and presents either the code or the Allow and Deny buttons.

    EDIT: Reading other posts I see that it works with force touch on the lock screen.
    • Edited by Daverino Wednesday, April 12, 2017 5:32 AM
    Wednesday, April 12, 2017 5:29 AM
  • Hello, can you add Ubisoft, mail.ru and vk.com avatars to the app?
    Saturday, April 15, 2017 6:13 PM
  • I was going to install the Android version of Microsoft Authenticator until I saw the list of permissions required.

    Why does the app need access to my Photos, Media, Camera, Contacts etc.

    For a 'security' App to require permissions well beyond those necessary for it to perform its function and thus becoming a security risk itself is, don't you think, somewhat ironic.

    Dial back the permissions to those actually needed and I might consider installing the App.

    Wednesday, April 19, 2017 8:08 AM
  • I would be happy if Windows Phone 8.1 will get an app update, because W10M has compared to WP8.1 no market share.
    Wednesday, April 19, 2017 8:34 AM
  • Hi, I would like to report a problem with the latest update of Microsoft Authenticator v5.3.3. I use an iPhone 5S with enlarged text as I am sight impaired. The latest update means I can only see the first 5 digits and a tiny bit of the sixth, and of course none of the timer on the right of the number. So I have to guess or wait for a number that has a distinctive shape to be able to enter it successfully. I see that I can copy and paste the code elsewhere, but I don't really want to have to do this all the time. I think that if you were able to turn the app landscape it would reveal the whole code and timer again, for users who are visually impaired such as myself, thank you.
    Wednesday, April 19, 2017 8:41 AM
  • I would be happy if Windows Phone 8.1 will get an app update, because W10M has compared to WP8.1 no market share.

      I ditched MS Authenticator on W10Mobile here and went with LastPass Authenticator. I at least have a sorted list of my 30 or so sites and can quickly find the right entry. With MS Authenticator it was a pain to scroll back and forth through an unsortable list trying to spot the right entry.

    Wednesday, April 19, 2017 12:36 PM
  • Of all the hair-brained ideas Microsoft has come up with...this one is the dumbest...and I remember Microsoft Bob!  If my phone is stolen or compromised...which they tend to be...I no longer control my identity. There are viruses etc that will capture my "things" and that's it, I'm done. Using the "bump" feature on a phone can compromise my security. Anything that is stored electronically (password, biometric etc) can be, and most likely will be, compromised/stolen. Products like SafeKey are far superior and are virtually unhackable - 3-letter acronym government agencies use it as do many power plants trying to protect the grid. The Microsoft app is hackable...it's already been compromised multiple times...albeit in a controlled environment. I for one will never use this abomination of a service.
    Thursday, April 20, 2017 12:31 PM
  • I would love to test the new login method where you don't need a password anymore. But I am one of this stupid guy who has a Windows Mobile phone! :-(

    Please support your own platform to. Microsoft can't say it enough how simple it is to develop mobile apps for iOS, Android and Windows Mobile - so do it at least by yourself!

    Thursday, April 20, 2017 2:12 PM
  • Hi Libby,

    I am really glad that signing in has become so easy and secure. Congratulations to all the team for your great effort and creativity.

    My only concern and querry is that is it possible for me to still use one authenticator app in my mobile to allow me to sign in to multiple Microsoft accounts.

    Would be glad to know if this is possible and if it is not will it be possible for multiple account holders to sign in to their accounts with one mobile phone??

    Regards,

    archusubu

    Thursday, April 20, 2017 2:34 PM
  • Just installed Authenticator on Android. Reinforce the another thread that their is no "enable phone sign-in" drop down on your account name. Understand from the Authenticator FAQ that this is enabled automatically as I had just set up the app but a bit confusing, particularly as I use two-factor auth with the MS Account app so wasn't 100% clear that I didn't need to enable it. Also some confusion from articles on the release on whether I could us to unlock my PC - which I understand now you can't.

    I understand the difference between the two methods of supporting two-factor auth and the benefit of ditching the password. However I do find using the MS Account method more convenient as I only have to touch approve on my phone to confirm sign-in. With the Authenticator app there are several presses required in addition to i the biometric / pin. Not sure where steps can be removed but would be great if you could select the number from the notification and don't see the need for the approve button if you have touched the number to confirm it. Additionally while less secure will like to see an option to rely upon the phone being unlocked and not requiring a biometric / pin for the confirmation. My phone is always locked so I have to unlock the phone with fingerprint to then have to provide the fingerprint again for Authenticator.

    And finally to net out overall feedback from a consumer perspective, I don't see my wife using this. While I've used two-factor auth on my accounts for some time even the overhead of the MS Account model is a bit too complicated and this implementation has even more overhead from a user experience point of view. 

    Thursday, April 20, 2017 4:17 PM
  • When it's convenient, it lacks security.


    • Edited by wgmann03 Thursday, April 20, 2017 4:59 PM
    Thursday, April 20, 2017 4:58 PM
  • When configuring an account for phone sign in I ran in to the following situation which seems to lower the security of the account.

    If you choose login using password and enter the correct password the login proceeds and does not require the pin for 2FA which is setup on the account. Although approve/deny is sent to the phone a deny will not logout the account. 


    Although I agree this only happens on a machine that you told to use phone sign in there is no option to trust that PC. I see users doing this in multi-user settings and not realizing the consequences. 
    • Edited by jdolina Friday, April 21, 2017 1:03 PM
    Friday, April 21, 2017 12:29 PM
  • On an account that was setup after choosing approve (android) I received another screen which had the mailbox name the geographic location and a blue line with a cursor. The keyboard also popped up. It was not clear what was to be entered on this screen which was a fingerprint which I used  or I am assuming the line was for the phone password.
    Friday, April 21, 2017 1:08 PM
  • When I use the code generator, I can only see the first 4 or 5 numbers. The rest are on the right side and covered. Can you please help me with this ???
    Friday, April 21, 2017 4:50 PM
  • I concur. This project is, effectively, trying to play catch-up with old (existing) technology, and is not innovative. The trend in the digital identity space is self-sovereign identity using asymmetric cryptography (public/private keys). Controlled by the user, respecting all the principles of privacy, but also looking at decentralized risk to avoid honeypot data. Then there is the application of well understood security principles to avoid well known attack vectors such as malware and network hacking. The only logical solution is to a) secure private keys offline, and b) ensure any interaction with private keys - digital signatures/authentication, and decryption - is performed in an air-gapped environment. We have launched a pilot with a Swiss solution that offers a card-sized device that gives us that. Perhaps not yet ready in terms of cost for wholesale use, but certainly worthwhile for high-value administrators of systems.
    Saturday, April 22, 2017 5:54 AM
  • I am assuming there plans to make the 'phone sign-in' feature available for Microsoft business accounts.  Is there any information on likely timing for this becoming available?
    Tuesday, April 25, 2017 2:40 AM
  • Yes, there are plans, however, there is no publicly available timeline at this point. Thanks for your interest! 

    -Libby

    Tuesday, April 25, 2017 5:30 PM
  • In our push to make the app more compatible with many modern accessibility requirements, we enabled the text sizing functionality of the phone to impact the text size within the app. We are working on the bug to make sure all the numbers appear, or the user can scroll to get the rest of the number. In the meantime, you can use "copy code" to get the full number, and/or reduce the text size via your phone's Settings.  

    Sorry for the inconvenience!

    --Libby

    Tuesday, April 25, 2017 5:32 PM
  • That, unfortunately, is a mechanism of the Android phone OS, and not terribly customizable. I'll review with devs to see if we can add/update any text.

    Thanks for the feedback! 

    --Libby

    Tuesday, April 25, 2017 5:34 PM
  • Hi Steve, 

    Thanks for your thoughtful feedback. The areas we really feel the phone sign-in shine are around not needing to enter your password on untrusted devices (e.g. public kiosks or over public wifi), on a form factor where typing a complex password is less than ideal (e.g., phones), or instead of needing a second device to complete a two-step verification challenge (not on a trusted device.)  

    As for the flow of when to enter your touchID and how often, we've done what we can to make it as smooth as possible while still being secure. You're right, it's a little bit of a dance, but I can tell you after having used it for the past 6 months, it becomes very familiar quickly. 

    Would love to hear how you think the account security experience could be changed so that users like your wife might be more willing to try it. 

    Thanks, 

    --Libby

    Tuesday, April 25, 2017 5:39 PM
  • Hi Archusubu, 

    Thanks for your nice feedback. 

    I believe you're asking, if you have multiple personal Microsoft accounts, can you add them all to the phone? Yes, you can. (That said, we encourage only one account per person. :) ) 

    Cheers, 

    --Libby

    Tuesday, April 25, 2017 5:40 PM
  • Thanks for the good conversation here -- 

    What "enabling phone sign-in" does (high-level) is create a private key within the phone's encrypted storage. We then register the public key back to the Microsoft account service, tied to both the device, and the user account. When you attempt a login, the service talks with the phone, you unlock the private key with your biometric gesture, the service confirms with the public key, and access is then granted.  If you reset your device gesture/passcode, the private key is wiped out. 

    Hope this helps allay any concerns, and would welcome any additional questions, 

    Thanks, 

    --Libby

    Tuesday, April 25, 2017 5:45 PM
  • Hi EQWeb, 

    Your bug has been filed. (And I like your suggestion about landscape rotation as a possible solution.) Thanks for reporting, and sorry for the hassle. I'll try and remember to respond back here when we have the fix shipped.

    Thanks,

    --Libby 

    Tuesday, April 25, 2017 5:47 PM
  • The app needs to have its GUI redesigned. On my iPhone 5, the email address extensions are cut off. Example: myaccount@hotmai Since I have several accounts with the same name, the extensions are very important. Thx
    Wednesday, May 10, 2017 1:53 PM
  • Hi Steve, 

    It's a daunting list, isn't it? Most of that is due to the way Android operating system handles things like storage of data (Contacts), etc. We have a list of what is requested and why, at our FAQ page -- shortcut is available here: http://aka.ms/authappfaq. 

    Thanks, hope you reconsider trying Microsoft Authenticator! 

    --Libby

    Wednesday, May 10, 2017 5:57 PM
  • Hi Bandit0123, 

    Our next release should fix many of those text resize issues, particularly on smaller screens like the iPhone 5. Stay tuned. In the meantime, have you tried using Edit Account and then renaming the top Account identifier? It might help you differentiate.

    Thanks,

    --Libby 

    Wednesday, May 10, 2017 6:00 PM
  • Just found what seems a serious bug. Use MSFT Authenticator on my 950XL. Only uses it for a few things, Microsoft Account, LastPass and Rackspace administrator login.

    I have it installed on two phones:

    the 950XL OS build 10.0.15063.297

    Lumia 930 OS build 10.0.15063.138

    The 950 had all 3 accounts on it. The 930 only had Microsoft and Rackspace. They seemed in sync and everything worked.

    Both show v. 6.0.17

    Today tried to log on to Rackspace using Authenticator on the 950XL. It kept telling me the code was wrong. So pulled out the 930 and it worked fine. Removed the 2 factor from the account and reenabled several times. In each case, the app read the QR code on each phone, but produced different codes. The app on the 930 continued to work, but that on the 950 did not.

    Was going to remove and reinstall the app on the 950 to see if that mattered, but figured I'd offer to perform some diagnostics if you wanted first.

    Let me know.


    • Edited by MRGuid Tuesday, May 16, 2017 8:17 PM
    Tuesday, May 16, 2017 8:17 PM
  • Libby,

    I’d appreciate some guidance.

    Change process – upgrade to new phone – I know that the accounts aren’t restored – so my current strategy is to use a second authentication app which allows export/import (does not work with Azure since only MS Auth works there) but I have 17 accounts and growing.

    1. Will it work (have not tried this) – if you’ve saved a copy of the ORIGINAL QR code you used to provision the Microsoft (consumer) account, can you just scan a print out/screen capture of that original image to add your account back to the MS Auth app? If yes, does it work for Azure as well as the  consumer side? Are there any risks to this? Or should I use (on the consumer side) add another Authentication App (but actually use MS Auth on the new phone to set up the account)? Clearly using the original QR code is easier. Or is there something in the logic that, once you've "provisioned" the official MS Auth app, you can't set it up a second time. My goal is to NOT have to log in to proofs and mess with any of this since I have saved QR codes, etc.

    2. Starting to see 8 digit codes for Microsoft accounts instead of 6. Interesting - is there a reason for this?)

    3. Please add my vote for backup and restore of accounts to make setting up a new phone easier. Encrypt and back up to OneDrive?

    Clearly (from experience) I can use more than one authentication app (except for Azure based accounts). I'd saved all my QR codes and Secret Keys - if there was a backup and restore for MS Authenticator, I wouldn't need a second app.


    -- Barb Bowman

    Thursday, May 18, 2017 4:19 PM
  • Just updating this despite lack of response. The Authenticator app on my 930 build 15063.297 still works fine on Rackspace but Authenticator app gives different codes and thereby doesn't work on either my 950XL and my 640 despite them being all on the same build number
    Friday, May 26, 2017 6:29 PM
  • Please, add sync, migration or export/import for the Microsoft Authenticator app.

    I have Lumia 930 with the Microsoft Authenticator installed and a lot of accounts added. Now I have an iPhone also and I have installed Microsoft Authenticator on it. I was able only to add my Microsoft account to the iPhone's Authenticator using my Microsoft login/password. How do I export or sync all accounts from Lumia's Authenticator?

    I have got an answer here on the forum it is impossible because of security reasons. This is total bullshit. This is totally frustrating — now I have to recreate all accounts manually somehow...

    Tuesday, June 27, 2017 12:10 PM
  • Hi Arthur, 

    Thanks for your question -- indeed, some of the credentials we are creating in the app are specifically tied to the device itself, and stored within the secure storage of the device, even if we were to export and save to an external location for backup & restore, they would no longer work. 

    We are looking into a better story around backup & restore, but initial efforts would not be 'cross-platform,' so that still would not assist you in your move from Lumia to iPhone. You should be able to still use your Lumia as a code generator, to assist you in accessing your 3rd party accounts to re-add them in iOS (though as a user of the app on all three platforms, I understand this is less than ideal.) 

    Thanks for being a Microsoft Authenticator user, and for your feedback! 

    --Libby

    Tuesday, June 27, 2017 5:17 PM
  • Just wanting to reiterate again, that while push notifications can be approved above the lock screen we cannot use it.

    I have been informed this change was by design but our security team has once again rejected the Microsoft Authenticator app as you can approve the push notification above the lock screen. Previously you had to unlock the device to be able to approve the 2FA request. We will continue to use Duo Security until this is changed back to the way it was.

    I understand it is now by design, although it used to require unlock previously.

    Just providing feedback that it will never be allowed at our company until you at least give us the option to require phone unlock to approve the push - Intune app configuration policy *hint* *hint*.

    • Edited by TrentQueen Monday, July 17, 2017 11:03 AM
    Monday, July 17, 2017 11:01 AM
  • Hi Libby,

    Just wanted to see if additional layers of protection are still in the pipeline, and if there's a potential release date? We really need the functionality -- like TrentQueen's comment from a few days ago, my organization's security team is also rejecting use of the app because of the ability to approve from the lock screen. 

    Thanks!

    Friday, July 21, 2017 6:27 PM
  • I use iOS for Work/School accounts.

    I too would like to see lock screen approval require unlocking like Duo does. This isn't an audit requirement on my end (at least not yet), so I'd be happy with a settings toggle in the app.

    I realize it's in the FAQ and I realize it's still a thing you know + a thing you have but if you require unlocking it's more secure without being that much more inconvenient with a finger print scan or the like. Then it's a thing you know + a thing you have + a thing you are (biometric), or a second thing you know (pass code / password for the device).

    Thanks!

    Friday, July 21, 2017 10:15 PM
  • Greetings!

    First off, love the Microsoft Authenticator app and we're using it globally for MFA.

    However, in China our users do not have access to the Google Play Store.  How can the Microsoft Authenticator App be installed on Android devices without using the Google Play Store?

    Thanks!

    Tristan

    Tuesday, August 08, 2017 9:23 PM
  • I hear your request, and you are not the only one requesting such features. I can't provide any dates, but rest assured it's on our work list. 

    IF your organization runs the MFA server on-premise (as opposed to Azure MFA), you can require an MFA PIN, which would then force a user to unlock the iPhone to enter (and then we allow TouchID to serve in place of the PIN.) This PIN functionality for Azure MFA is on the backlog for the MFA team as well.  

    Thanks for your continued interest, 

    -Libby

    Monday, August 14, 2017 10:27 PM
  • The issue with "require app/phone unlock" being a setting in the app is, it would be a user-chosen setting. In order to make it an IT-admin controlled setting would require us to actually have the user "Log In" to the app itself (something we've avoided doing to date) so the app would know which policy to apply. We are investigating the use of Mobile Application Management as a possible way to mitigate that. 

    Thanks, DougBB, for your feedback, 

    --LIbby

    Monday, August 14, 2017 10:32 PM
  • Tristan, great timing, we're having several meetings on this topic this month! Which android store(s) would you prefer to be supported? 

    We would probably target a subset of the list here: https://support.microsoft.com/en-us/help/3211588/limitations-of-intune-company-portal-app-for-android-in-china 

    Thanks! 

    --Libby

    Monday, August 14, 2017 10:34 PM
  • I would add an extra interaction to the approval of any Authenticator request. When the notification pops up, just using a fingerprint results in an approved response. This can easily lead to a mistake where a user placed their thumb on the home button to exit or rest, and accidentally approved an unwarranted request. A yes/no on the pop up notification before the fingerprint prompt would be more secure.
    Monday, August 21, 2017 11:32 PM
  • Hi Libby,

    Thanks for the reply, and I'm very glad to hear this is under discussion.  From our perspective, support for the Wandoujia store would be preferred, as it's a third-party app market and available on most brands of Android phones.  Please let us know when we might be able to expect this, as it is currently holding up our deployment of Azure MFA globally.

    Thanks!

    Tristan

    Monday, August 28, 2017 1:28 PM
  • Any updates here, good bad or otherwise, on the availability of the MS Authenticator app in Wandoujia (or other non-Google app stores)?

    Thanks,

    Tristan

    Monday, October 02, 2017 10:40 PM

  • Libby,

    It doesn't seem to work these days.  Used to have no problem w/ it, at all.  Now, put in the code offered & after just the one first entry, says "too many wrong tries, come back later". Ergo, have to use an alternative route which, makes having Authenticator pointless, obviously.  Not to mention it's baffling why it says it's incorrect, anyway.

    Cheers,
    Drew

    Drew - IT Pro / MS Partner/Partner Company / Windows Insider / Owner - Computer Issues

    Wednesday, October 04, 2017 12:58 AM
  • Hi Libby and team,

    We're in the process of deploying Azure AD MFA along with the Microsoft Authenticator to avoid having to bring in a another third party MFA solution.

    Thus far, here are the positives and development opportunities we've noticed with the app:

    Positives:

    iOS: ability to respond to notifications on WatchOS is on par with competing solutions.

    iOS/Android: ability to single tap a response to notifications is on par with competing solutions.

    iOS/Android: ability to add MFA for additional personal services is nice and a boon to employees who want to improve the security of their accounts.

    Development opportunities:

    Android in China: due to the Google Play store being unreachable, it is difficult to install the Authenticator app and keep it up-to-date automatically. Please publish it to some of the mainstream app stores in China or help us understand why this is not a good idea.

    Android/iOS: It would be helpful if there were context displayed when prompting for verification. Geography, app name, device name, basically anything that helps the user understand what they are being asked to approve. I realize that 95% of the time I'm with the app that's causing the verification, but I've been away from my desk when Skype for Business decides I need to re-auth and I received a notification with no clue about what it was for - I denied it and figured it out when I was back, but typical users may not think twice about approving the odd auth request - which is exactly what we don't want.

    iOS (and Android if biometrics are reliable): use TouchID/FaceID to approve a request when the device is locked. It's an edge case, but if the phone is in the wrong hands and they are able to use the ID/Password, then it is trivial to provide the second factor.


    David

    Friday, October 13, 2017 2:53 PM
  • What is the current status on having a solution for recovering account data?

    Perhaps consider allowing the end-user to have absolute control over maintaining the data.

    A temporary solution would be to display in big bold letters on the OR Code capture screen to save this data because it is the last time you'll ever see it.

    In the mean time, I'm going to take steps to disable all 2FA authentications because I lose control over maintaining the data. If the upcoming fix doesn't include absolute control of my data, then I won't be using the new solution either.

    Sunday, October 15, 2017 5:49 PM
  • Greetings!

    First off, love the Microsoft Authenticator app and we're using it globally for MFA.

    However, in China our users do not have access to the Google Play Store.  How can the Microsoft Authenticator App be installed on Android devices without using the Google Play Store?

    Thanks!

    Tristan

    I have face the same issue. We can install the MS Authenticator App from China local Android market. But got error when launch it. The error message said the Google Play Service not exist or not supported on your device (something like that). It happened on the Android Phone which has China modified ROM, it does not has any Google services installed (include Google Play), even Samsung brand phone.

    Can Microsoft has a special version of Authenticator which can run inside China (fit their law) ....??

    Wah 

    Monday, October 16, 2017 3:08 AM
  • You must be joking... On Android, with the phone locked, you can swipe down the notification and click on the Approve button to approve a login. WITH THE PHONE LOCKED!

    Are you fucking serious?


    Blog: http://www.kodel.com.br

    Por favor, marque como Resposta se lhe ajudei ;-)

    Thursday, October 19, 2017 12:05 AM
  • Hello, I love the app overall but would definitely like to see the following:

    • A means of backing up accounts in the event of replaced phone - it's incredibly time consuming to re-add all these accounts back into the app.
    • Touch ID and/or PIN security for launching the Authenticator App.
    • A way to add custom icons for the accounts so that they can be easily distinguished in the list. I think having the icon default to whatever icon has been added to the Microsoft Account is fine but we should be able to override that with a custom icon as well as be able to add custom icons to non-Microsoft accounts.
    • More explanation around what the small "phone & key" icon next to some accounts means. I have started a separate thread asking what that means but in looking through the support documentation there's no mention of it. 

    Thanks!

    Thursday, October 19, 2017 2:11 AM
  • I have two systems that generate the same “user@service” identifier, but they need different MFA codes. MS Authenticator does not let me add them. When I try to add the second account it overwrites the first account instead :( luckily I was able to restore my account access, but this is really not cool!
    Friday, October 20, 2017 6:17 PM
  • Hi my feedback is:

    taking away the ability to approve authentication requests via the apple watch is bad! please bring that back! i understand that this was probably removed due to security requests, but atleast put a setting in there so i can choose to use it if i want. it was the best feature!

    Wednesday, October 25, 2017 2:59 AM
  • An Apple Watch app that allowed you to approve the sign in requests would be most welcome (like Duo has). One that ran over the LTE without having a phone present would be even better.
    Sunday, October 29, 2017 9:28 AM
  • I really like the app and it works tons better than the golf eauthenticator app. One thing I would like to see added though is the ability to create app passwords straight from the app.
    Sunday, October 29, 2017 5:27 PM
  • Do we have any estimated timeline on getting either pin plus for cloud based MFA or the administrative control to require device unlock pin before approval of MFA notification?  Our security team has severe reservations about using the push notices when they are viewable and acknowledgeable underneath the lock screen.
    Monday, October 30, 2017 1:24 PM
  • No ability to export or back up data?  Are you kidding me?  Do you think a smartphone lasts forever, never getting replaced?  

    This makes this product unusable.  What am I supposed to do when (not if) I wipe or replace my phone?

    I need the secret codes/KeyURI strings for all my accounts for 1) backup, and 2) for using them on my desktop authenticator application.  How do I get them?

    Saturday, November 11, 2017 6:26 AM
  • Dear Libby, I am currently in Japan and do not have access to a computer. Due to the recent upgrade of iOS on my iPhone I had to log into the Authenticator app again and add my private Microsoft account. Although I have an iPad here as well I can find no way to add my account again without verifying it with the Authenticator app which I cannot receive a code on until I can log in. What I need is some way to access my security settings to turn off 2FA. I have a Gmail address listed for recovery but cannot receive an SMS because phone number does not work in Japan even with roaming enabled. If I could choose my Gmail account to receive the code then I could setup Authenticator but these is not working for some reason. I know my secret questions and have access to my Microsoft email account, surely there is some way I can do this. Please help. Rod Sprague
    Sunday, November 12, 2017 11:41 PM
  • Hi Libby,

    No doubt you get this question a lot.  In fact, a few weeks back, I asked it at https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to and so far, no valid response.

    In short, I use MSFT authenticator for all 2-factor MFA needs.  Currently, I have 37 registered codes.

    The question is, now that I have a new phone, what is the best way to transfer everything to the new phone?  iCloud has done all the apps, pictures, messages, mail and more, but authenticator gets stuck and forgets all its information.

    Is there a way to scan a barcode, biometrically acknowledge, or some other trusted way to say "I am moving over here...send my authenticator setup to this device"?

    Would love to hear if its possible, and yes, delete one by one and re-register, but this also means deprovisioning some websites, some software, some access, so it's a multi day journey.

    Is there a straight forward way to transfer authenticator settings to my shiny new phone?

    Friday, November 17, 2017 8:07 PM
  • Hi, I don't know if this is still active but I was wandering if you have ever had a request put in for the authenticator app to authenticate desktop and remote desktop sessions. The SaaSPass app does it already and its free for consumers. However it is not native and it means another app. It has several login methods... QR code login, Push Login, Computer Login Code, Remote lock and Remote unlock. I personally think it is honestly one of the best apps however it is not Microsoft. You have already bought authenticator into the azure online services and through app sign-in. Why not complete it with Desktop session authentication.
    Saturday, November 18, 2017 9:56 PM
  • When will the PIN/Touch ID be available on iPhone to only allow approvals on the lock screen to be done in conjunction with Pin/Touch ID?

    Also where is the enrolment functionality in Azure MFA that is available in the on premise server? i wont to be able to email yours with instructions to enrol on the app with their own QR code etc rather than have to have them log in to an MFA secured app to enrol? 

    Monday, November 20, 2017 4:42 PM
  • Giving Microsoft Authenticator a try on iOS. Overall, I'm very happy with the app - simple to use! I do have some other feedback though:

    Firstly, it would be awesome if the account data could be stored in the phone backup so that it could be restored/transferred to the same/another phone. This would save re-enabling MFA on several dozen accounts.

    Second, I noticed some unexpected functionality when adding multiple Slack accounts. In the key URI (when enrolling with a QR code), Slack uses the label to distinguish the workspace e.g. Slack%20(Workspace Name):my@email.address. However, MS Authenticator ignores everything before the colon so it will add an entry with just my@email.address. So if you're a member of multiple Slack workspaces and use the same email address then, in theory, you'd get duplicate entries. However, the MS Authenticator app handles duplicate entries by overwriting the old entry with the new entry.

    Wednesday, November 22, 2017 7:14 AM
  • Hi Brown,

    The Authenticator app is blocked in the China Google Play Store and our company china users are wondering if there's another supported way to get the Authenticator app on Android.

    Now we can only change the contact method to SMS or phone call to actually perform the required authentication on China Android device. But we need another solution to make authenticator work in China Android device like "IOS" device. We don't want to manually install the package. Even if we try to download the apk installer file and install it successful on the phone, when our user opens the app, it will also try to connect to the Google Play Service which had been blocked by China.

    Main Chinese android device type are list below:

    Huawei ,XiaoMi, OPPO, Vivo, Meizu

    We cannot find any Microsoft authenticator on the above application markets.

    Would you please help us to check and give us any update on that ?

    Appreciated your feedback.

    --Eileen Wang

    Friday, November 24, 2017 6:59 AM
  • I totally agree with this. Best feature of using the app over SMS.

    EDIT: To clarify I was reacting to a previous entry that was detailing the removal of sign-in approval on the Watch. See also my other thread.

    In short:

    A great feature of the Authenticator App is the possibility to approve a sign-in request from Apple Watch.  (To be honest, that is the killer app for me on the Watch).  Since the last update (version 5.4.8) I only get a notification to approve the sign-in on the iPhone. The option to approve the request directly on the Watch is missing.
    Is this a bug or by design?  I would hate to see this feature be disabled. The convenience of not having to enter a code or approve from a phone is so much higher and that is what is what would make Authenticator beat the competition.  I was planning on forcing Authenticator to all my users for MFA, but I put that decision on hold as long as the Watch cannot do approvals anymore.



    • Edited by Wim Borgers Tuesday, November 28, 2017 8:25 AM
    Monday, November 27, 2017 12:22 PM
  • It's very strange that I am seeing what you are (no notifications). I am on Apple Watch Series 3 with LTE and seeing the same thing but a coworker downloaded MS Authenticator today and has an Apple Watch Series 2 and he's getting the notifications on his watch.
    Monday, December 04, 2017 10:05 PM
  • I appreciate we can support MFA through Remote Desktop Gateway Services but is there an item on your roadmap that will allow server logins to prompt for MFA as part of the remote desktop login experience without RDS?  Duo and Safenet support this with an application installed per node with local NPS servers.

    If this is possible now, can you advise - the only documentation i can find relates to the need for RDS gateway.

    Thanks!


    Andrew

    Tuesday, December 05, 2017 10:42 PM
  • A "small" quality of life change for OCD people like myself:

    Allow users to modify the account information beyond the name. Allow us to add custom pictures, especially for services that don't auto-discover the appropriate account image.

    Having the default grey icon makes the app look unfinished.

    Friday, December 08, 2017 4:55 PM
  • I think in iOS the app should be password protected or at least protected with TouchID. Thanks
    • Edited by Zeus65 Friday, December 08, 2017 6:05 PM Minor
    Friday, December 08, 2017 6:04 PM
  • Hi,

    as described here:

    https://social.technet.microsoft.com/Forums/en-US/23496753-b374-425a-8825-a5ed4424e4ec/

    and also stated via a log (ID: QHWZZMME) I have trouble using the authenticator app for phone sign-in. Seems to be a bug or some kind of incompatibility issue.

    Would be nice if a future update solves this.


    regards



    • Edited by blue cloud2 Wednesday, December 20, 2017 11:39 AM
    Wednesday, December 20, 2017 11:37 AM
  • Hi Libby,

    We would love to be able to give the user feedback on the device name that is requesting access. For example sometimes our staff may receive an authentication request on their phone that has come from their iPad when it joins a WIFI network but they don't physically initiate the connection.

    Cheers,

    Steve

    Thursday, December 21, 2017 11:04 AM
  • Hello Libby, 

    Do you have any updates for this topic?

    From my company, we would like you can support the Baidu App Store.

    Thanks!

     

    Thursday, December 28, 2017 3:44 AM
  • Hi I have some loopholes I wanted to raise. 1. On my lock screen, if I click to view an authentication alert I can approve without entering my phone unlock code. 2. With locked screed, pressing the notification screen allows approval 3. If I use text to receive the code, I can read the text and input the code without unlocking my phone. Disabling notifications on the app would be one fix but is there a way to prevent this? Thanks.
    Thursday, December 28, 2017 5:55 PM
  • Please please please let us send a PIN to our email address for MFA.  This will remove the dependency on the mobile device.
    Tuesday, January 02, 2018 9:35 PM
  • This is already a feature, you need to enable secondary email verification in settings.

    Andrew

    Friday, January 05, 2018 3:38 AM
  • Hi @BobRobApex

    I am getting the notifications on my watch. That is not the issue.  Before I had the option to approve or reject the authentication. That functionality is lost. I can only dismiss the notification on the watch and must use the phone to approve the request.  The handy part was to be able to approve the request from the watch itself.

    Wim

    Monday, January 15, 2018 12:38 PM
  • I love the MSFT Authenticator application. I use it from my iPhone when logging into Office 365 2fa. I love the push notifications because I only have to swipe to approve. I do not see an issue not having to unlock my phone because the request is initiated from my desktop meaning both devices, password, and approve is needed. If my computer and iPhone are stolen then it would still be protected as needed. I would like to be able to associate all my entries to my Office 365 account allowing me to control the data via admin portal in Office 365. Perhaps even able to store and access via Azure key vault . I recently got a new phone and did not realize that all my accounts would be removed even though I was able to restore from a backup the overall phone data. Besides that I love the application. Thanks.
    Monday, January 15, 2018 2:49 PM
  • Just curious why you think unlocking your phone first makes the process more secure? The point of 2FA is that a password and Sone other device or token is needed. It would be like asking RSA USB tokens to have a password to unlock access to the token. Just curious your thoughts. Thanks
    Monday, January 15, 2018 2:55 PM
  • If changed please keep option to approve with just swipe . I agree the password and phone is doing the purpose and design of 2FA. No need to unlock something I am in possession of.
    Monday, January 15, 2018 2:58 PM
  • I would like some kind of security feature to unlock the authenticator app itself. A passcode or TouchID preferably. I don't like that the app just opens up and all of my codes are readily available without any kind of security. I primarily use iOS.
    Tuesday, January 16, 2018 12:55 AM
  • Libby,

    Folks

    I have been referred to this forum by the Technet forum after being referred there by the Microsoft Support Community.

    The initial problem as stated at the time: 

    Windows Phone Authenticator has stopped working since the latest WP update.

    The error message is: Authenticator can't be opened. An app update my be available in the Store. Except there is no update.

    It means I am currently without two factor authentication which is very frustrating.

    Since then I have discovered  that there was a problem with both Windows Phone Update and with the app.

    The problem seems to have been not so much with Authenticator but rather with the last Windows update. There are a number of other apps that are giving me the same error message about update for the app when there is no update. What I have to do is delete the app and then reinstall it.

    This was then exacerbated by Microsoft changing the name of the app from Authenticator to Microsoft Authenticator with no announcement or advice to users. It took me a while to find this out so that I could reinstall the app.

    So I'm now back Authenticating, no thanks to any of the forums.


    But, I do still worry that I'm going to have ongoing problems with Windows when the next update comes out.


    Cheers


    Ken

    Sunday, January 21, 2018 10:23 AM
  • Libby

    I use Microsoft Authenticator with personal accounts. I'm using it on WP10.

    The thing I find odd is that to set it up with some accounts I have to select Google Authenticator as the means of authenticating to be able to do the setup. There should be some instructions to that effect somewhere.

    The links on the Help and Feedback appear to be broken. For example, when I tap on 'How do I add an account?' I get taken to a page about Azure server that has nothing to do with adding an account or else the link doesn't work at all.

    My 2c's worth.

    Cheers

    Ken

    Sunday, January 21, 2018 10:33 AM
  • Libby, I am sorry but Authenticator is asking me to sign into a personal account. AFter AI entered my password it says:

    "Before you can access sensitive info, you need to approve request H9HWL on your Microsoft Authenticator app."

    I looked in settings and there is no place to approve requests at all... Where is that? 

    Sunday, January 21, 2018 7:05 PM
  • I am running Windows 10 Mobile on an Alcatel Idol 4S, so I suppose it's a long shot that these improvements would be made. My requests are:

    • at least manual sorting of the list of accounts
    • editing of the account names
    • optional hiding of the email address. displaying the address is a potential security risk from wandering eyes

    Thanks for listening.

    Andrew

    Monday, January 29, 2018 12:04 PM
  • I would like to know if I can have this app push notifications to a Samsung Gear Fit 2 Pro for approval/disapproval. If so, how? If not, can this please be added?

    Thank-you.


    • Edited by nuuriell Monday, January 29, 2018 12:48 PM Clarity
    Monday, January 29, 2018 12:47 PM
  • Fingerprint authentication on android 7 has stopped working. I have tried by disabling and enabling fingerprint on the settings but has not helped. This was working until a few month ago.

    App version 6.2.13

    Wednesday, February 07, 2018 4:32 AM
  • Hi Libby, does Microsoft have any defined schedule for the China Android users? Or will Microsoft decide to develop a special version for China user only? So far, we still can not use the Authenticator due to the Google Play Service is forbidden in China.  If Microsoft can release that version in any main third party app store like, Baidu, Huawei or Xiaomi, it will be perfect.

    Thanks.

    Wednesday, February 14, 2018 3:52 PM
  • Will it ever work, again?  For the longest time, every time try to use it will say, "Too many invalid attempts" and that's on the 1st (correct) attempt!  Sure would be nice to be able to, actually, use it!

    Platform is Windows 10 Mobile.

    Cheers,
    Drew

    Drew - IT Pro / MS Partner/Partner Company / Windows Insider / Owner - Computer Issues


    • Edited by Drew1903 Saturday, February 17, 2018 4:52 AM
    Saturday, February 17, 2018 4:51 AM
  • Backing up my token list is really a very important feature.
    So I can import all my tokens on a new phone without any other work to do.

    Monday, February 19, 2018 9:12 PM
  • Libby,

    I work for a large global company headquartered in the midwest. Our office is off-site and uses an online email system that connects to corporate mainframe. They have just initiated the Multi-Factor Authentication for our email. 

    My question is: do I have to answer my phone EVERY time I need to log into my email? Or is there a way that the MFA can remember devices?

    This isn't very practical if you don't have a work cell phone and you're not at your desk. They have informed us that they are working on a solution, but I'm not sure that I'm comfortable having to use my personal cell phone in this way.

    Please let me know if there is any way to solve this issue. I will pass it on to our IT department.

    Thank you

    Tuesday, February 27, 2018 1:49 PM
  • The authenticator sucks, works then it does not then it does, just like other Microsoft product.
    Friday, March 02, 2018 10:27 PM
  • This app was downloaded my a haker and the haker got into my email account and now uses the app to keep me out of my email. So no your FAILED and because you are trying to make it out that this app is so awesome and secure the haker is keeping me out of my account any you will let him/her keep me out because you want your app to be good. Your problem is the app and your security, this app is not better security it is Microsoft helping the haker!!
    Wednesday, March 07, 2018 4:41 AM
  • We've just run into the same issue with Microsoft Authenticator not being available in China.  This is a big gap and needs to be addressed as soon as possible.
    Tuesday, March 20, 2018 6:10 PM
  • Hi Libby, I have a Samsung Android phone and here is what I think. 

    1. I was unable to write to this Forum from it (for whatever reason) from the web/ chrome/internet browser and associated links. 

    Suggestion: Authenticator should have a quick link to be able to report any issue

    2. I am from India and we have power cuts at times due to some location factors/ constraints. Thus at times before we log off from any account the power is off and somehow the computer stores the page info. This happened today, when after a long weekend I came back to my desk and entered hotmail URL only but the system opened my inbox without me having to enter my credentials. Risky Business!!

    Suggestion: Authenticator could be equipped with a 'Remote Logoff' feature. Each application added to the app could have individual 'remote logoff' option so that even if we are away from our desk but don't plan on returning we could still logoff.. Just like whatsapp web remote logoff.

    Thanks for your time and attention.

    Regards,

    Ameeth Paul



    Monday, March 26, 2018 9:25 AM
  • We've just run into the same issue with Microsoft Authenticator not being available in China.  This is a big gap and needs to be addressed as soon as possible.

    We have had great success with Microsoft Authenticator replacing RSA in North America and Europe, but are running in to the same app store issues in China.  Libby noted that Microsoft was actively working on this last fall and we were asked to pick from the list of China app stores identified here:  https://support.microsoft.com/en-us/help/3211588/limitations-of-intune-company-portal-app-for-android-in-china.

    Libby, can you let us know if any of them has been added?  I'm hoping that at least Tencent MyApp (the largest China Android app store) has been added by now.

    This is urgent for us as we will have to switch direction if we can't use Authenticator as our single global solution.

    Monday, March 26, 2018 5:24 PM
  • Libby,

    I looked into the Tencent MyApp store a little further.  Several Microsoft apps are already published there.  Here is a link to the store with what I found as a translation for Microsoft (微软).

    http://android.myapp.com/myapp/search.htm?kw=微软

    Numerous Microsoft apps show up in the search results, but as far as I can tell, Authenticator is not yet among them.

    Can you provide an update on status of publishing this app in China?

    Thanks,

    Tuesday, March 27, 2018 3:55 PM
  • Hi Libby,

    You can add my vote for Microsoft to publish a working Authenticator App solution to the application stores for china based users of Android iOS devices - 15k users in my case.

    Thanks
    Ciaran

    Tuesday, April 03, 2018 4:12 PM
  • Judging from the missing answers, I guess Zero Touch Deployment of the Authenticator App isn't possible... (?)

    In a corporate environment, this would be appreciated, as the current configuration process; QR scanning, etc. is beyond the ordinary office worker capability.

    So far tried it with corporate owned iOS devices, to no avail.

    The possibility of creating an "App Configuration policy" for use by Intune, would suit purpose, and adhere to MS own recommendations (https://docs.microsoft.com/da-dk/intune-classic/deploy-use/configure-ios-apps-with-mobile-app-configuration-policies-in-microsoft-intune).

    Looking forward

    Best regards

    Wednesday, April 04, 2018 7:07 AM
  • It does not work which, sux.  For as long as I can recall, when an occasion ask for it as a way to authorise, right from the 1st code entered it says, "Too many incorrect codes tried, use a different method"; there's only been ONE entered.  It's a wee bit sad since, would be my preferred method if, it worked.

    As I said, it does not work. There was a time it worked for a (short) while, but, that was very long ago. Wish it, still, did, too!  Occasionally, I have reason to try it, again, ever hopeful it will finally be working (again). But, alas, no joy ☹

    Cheers,
    Drew


    Drew - IT Pro / MS Partner/Partner Company / Windows Insider / Owner - Computer Issues

    Friday, April 06, 2018 5:26 AM
  • The permission to access Contacts is what puts people off. This should probably be optional, and the app shouldn't break if the user doesn't grant it. If there is a technical reason why this is not possible, it should be better explained, because the FAQ only says "When you sign in with your personal Microsoft account, we try to simplify the process by finding existing accounts that you use on your phone."
    Thursday, April 12, 2018 8:50 AM