Microsoft updates Outlook Stable to include Authenticator functionality
Microsoft previewed Authenticator Lite in its Outlook mobile application last month after having announced the planned feature in March 2o23.
Today, Microsoft announced the general availability of the Authenticator functionality in the Outlook applications for Android and iOS. Once enabled, Outlook mobile users may use the app as a two-factor authentication tool to verify sign-ins.
Microsoft notes that accounts are "71% less likely to be compromised" than accounts that use SMS codes for two-factor authentication. While any form of multi-factor authentication improves security over accounts that use none, using apps is more secure than using SMS, as codes as transmitted in clear text if the latter option is used.
Microsoft Authenticator Lite is limited to commercial partners. Microsoft reveals that it allows organizations to enable multi-factor authentication for work or school accounts by using the Outlook app.
The decision to use the Outlook app, and not Microsoft's main Authenticator app, may look strange on first glance. Why integrate authenticator functionality into another app? The answer lies in usage statistics. Outlook is installed on more devices than Microsoft's Authenticator app. The Outlook app for Android was downloaded over 500 million times as of March 2023, while Microsoft's Authenticator app only 50 million times.
System administrators do not have to install another app on user devices and get users to use them. Instead, they enable Authenticator Lite functionality in Outlook and users get sign-in approval prompts directly in Outlook.
While that may require some form of technical training as well, it is not as extensive as teaching an entirely new app to users.
Microsoft notes that the following happens when the feature is enabled: "Users are prompted in Outlook on their mobile devices to register for multifactor authentication (MFA). Now, after they enter their password at sign in, they’ll have the option to send a push notification to their Android or iOS device."
Users may approve or deny sign-in requests directly in the Outlook application, or copy the code manually as well.
System administrator may enable the Microsoft Authenticator feature setting in the Microsoft Entra portal and via MS Graph. Technical guidance is available on the Microsoft Learn website, which provides step-by-step instructions on enabling the feature. The support page lists prerequisites as well.
Microsoft work and school users will soon be able to authorize sign-in requests using the company's Outlook application. IT administrators need to enable the feature for users and the Outlook app needs to be installed on user devices as well.
Two-factor authentication is an important security feature at the time of writing. The upcoming passkeys feature will reduce the importance of it in the long run, but it will take years before passkeys support is firmly established.
Now You: passwords, two-factor authentication, passkeys, which do you prefer, and why?