Two years after declaring that it’s time to move away from phone transports for authentication, Microsoft has introduced the public preview of Authenticator Lite. The goal is to help users transition from text message (SMS) and voice-based authentication to a more modern and robust authentication system.
Authenticator Lite is an embedded experience within the Outlook app, making modern strong authentication even more accessible. Microsoft’s top recommendation for modern strong authentication is the Authenticator app, which offers robust security features, frequent updates, and is free to use. With over 100 million users worldwide, Microsoft Authenticator is the most popular method for signing in with strong authentication in Azure.
With the public preview of Authenticator Lite, users who haven’t downloaded the Authenticator app can now complete multi-factor authentication (MFA) for their work or school accounts using the Outlook app on their iOS or Android devices. Authenticator Lite allows users to approve authentication requests and receive Time-based One-Time Password (TOTP) codes, bringing the security of Authenticator to a more convenient location and simplifying the transition from phone-based authentication methods.
During the public preview, admins can enable or disable this feature for specific user groups or leave the feature in a Microsoft-managed state. Authenticator Lite can be enabled from the Entra portal via the Authenticator configuration page or through MS Graph.
Authenticator Lite extends a subset of the Authenticator app’s capabilities into Outlook. Verification notifications will include a number-matching prompt and biometric or PIN verification if enabled on the device. Once enabled for Authenticator Lite, users on the latest version of Outlook without the Authenticator app will be prompted to register Outlook as an MFA method when launching the app on their device.
Registered users will then receive a push notification in their Outlook app during their next authentication. They will also have access to a TOTP code found in their Outlook settings under Authenticator.
The rollout of this feature in Outlook is currently underway. During the public preview, leaving the feature set to “Microsoft managed” will have no impact on users, and the feature will remain turned off unless explicitly enabled. In late April 2023, Authenticator Lite will enter general availability. On May 26, 2023, if the feature is left set to “Microsoft managed,” the tenant will be enabled for Authenticator Lite by Microsoft.
Microsoft encourages users to try out the new feature and provide feedback to help improve the experience. This move showcases Microsoft’s dedication to strengthening and streamlining the authentication process for users on the go.