Microsoft Will Begin Enforcing Authenticator App

December 14, 2023

If you are a admin on a Microsoft 365 tenant you might have just got a email in the last few days telling you that they will begin telling your users to setup Microsoft Authenticator.

This change is due to a setting in the Entra admin center that is set to allow Microsoft to manage the authentication methods the tenant uses.

Why are they doing this? Easy, Microsoft Authenticator is more secure than SMS and Voice for delivering codes. If the user is using SMS or voice they will have to setup authenticator and it will be the default method when the user signs in and needs to verify who they are. If the users are already using authenticator then no action is needed.

If you are thinking what we are then you already know this is a last minute notification and you might not want to scramble to get users setup with the new method. There is a way to delay it though. Sign int the Entra admin center and go to Protection->Authentication Methods->Registration Campaign.

Here you will see the state is set to Microsoft Managed meaning they are controlling the push and you will soon receive the change. To disable this edit the policy and change the state to disabled and save. Thats it, it's still recommended that all users migrate to using the authenticator but now you can slow roll the change to all users and not all at once.