Microsoft recently announced an incoming update for its two-factor authenticator apps on iOS and Android, bringing a more robust suite of password authenticator abilities, along with a redesigned user interface, to each app (via The Verge). Set to launch on August 15, the update combines 'the best parts' of the company's previous authenticator apps into one service, letting users save data for both a Microsoft account (targeted at consumers) and an Azure AD account (targeted at enterprise users).
The update is planned to overhaul Microsoft's existing, two-step verification iOS app, Azure Authenticator, while the Microsoft account app on Android will prompt users with a starting message to download the new app in the Android store. For iOS users, the company promised that any accounts saved in Azure Authenticator will be 'automatically upgraded' into the new version of the app. Before the new update, the iOS app solely supported Azure AD accounts.
Also coming to Microsoft Authenticator is a new, 'incredibly simple' user experience that the company promises maintains 'the highest level of security' for all of the accounts linked to the app. There's also a streamlined multi-factor authentication in the app's one-click notifications, where users just click an 'approve' button in the notification to finish an account's login. In addition, fingerprint approval will be coming to the Microsoft Authenticator app for anyone who wants to bypass needing to type in a passcode.
Users on iOS can get ready for the incoming update by downloading Azure Authenticator for free from the iOS App Store. [Direct Link]
The update is planned to overhaul Microsoft's existing, two-step verification iOS app, Azure Authenticator, while the Microsoft account app on Android will prompt users with a starting message to download the new app in the Android store. For iOS users, the company promised that any accounts saved in Azure Authenticator will be 'automatically upgraded' into the new version of the app. Before the new update, the iOS app solely supported Azure AD accounts.
Also coming to Microsoft Authenticator is a new, 'incredibly simple' user experience that the company promises maintains 'the highest level of security' for all of the accounts linked to the app. There's also a streamlined multi-factor authentication in the app's one-click notifications, where users just click an 'approve' button in the notification to finish an account's login. In addition, fingerprint approval will be coming to the Microsoft Authenticator app for anyone who wants to bypass needing to type in a passcode.
On August 15th, we will start releasing the new “Microsoft Authenticator” apps in all mobile app stores. This new app combines the best parts of our previous authenticator apps into a new app which works with both Microsoft accounts and Azure AD accounts.In that same vein, Microsoft is making MFA challenges even easier to approve, thanks to Apple Watch support in the new update. The same 'approve' button notification will appear on Apple's wearable, letting users bypass needing to pick up their iPhone at all to finish up the authentication process. The company said that Samsung Gear devices will also be supported for those on Android.
We’re just getting started on this new app! Now that we’ve finished consolidating into a single code base, we’re expecting to deliver new improvements at a very rapid pace.
Users on iOS can get ready for the incoming update by downloading Azure Authenticator for free from the iOS App Store. [Direct Link]
Guides
Upcoming
In addition to on-premise applications, ESET Secure Authentication also supports web/cloud services such as Google Apps and Microsoft ADFS 3.0 (including Office 365). Multiple ways to authenticate ESET Secure Authentication supports mobile applications, push notifications, hard tokens and SMS for one-time password (OTP) delivery, as well as custom methods. Sep 20, 2010 However this app needs to get some TouchID support for further protection. That’s my only gripe. If you were to happen to leave your phone unlocked, someone can just open the app and get the codes without having to type in a PIN or authenticate with TouchID. This is a security flaw.
Front Page Stories
RemoteApp and RDWeb - Instructions for Mac OS X Users Configuring your Mac OS X Computer for RemoteApp and RDWeb Prior to configuring/using RemoteApp and RDWeb, you must download and connect to the SU VPN for Mac OS. Two-factor authentication (2FA) adds an additional layer of protection beyond passwords. Download our free app today and follow our easy to use guides to protect your accounts and personal information.
Apple Reportedly Shelves 'Walkie-Talkie' Feature Allowing iPhone-to-iPhone Messaging Without Wi-Fi or Cellular
Apple Shares Trailer for Upcoming Apple TV+ Show 'Dickinson'
3 hours ago on Front PageApple Releases tvOS 12.4.1, watchOS 5.3.1, and a macOS Mojave 10.14.6 Supplemental Update
3 hours ago on Front PageApple Releases iOS 12.4.1 With Jailbreak Vulnerability Fix
3 hours ago on Front PageApple Promotes Apple Card in New Ad
3 hours ago on Front Page2020 iPad Pro Said to Feature 3D Sensing Rear Cameras
4 hours ago on Front PageDisney+ Will Offer up to Four Simultaneous Streams and 4K Content for $6.99 a Month
2 days ago on Front PageApple Contractors Listened to 1,000+ Siri Recordings Per Shift
3 days ago on Front Page
• The Most Interesting Features in Samsung's New Galaxy Note 10+ Flagship Smartphone(182)
• Health and Activity: What's New in iOS 13(45)
• ZENS Unveils AirPower-Like Wireless Charger With 16 Coils to Charge Two Devices Anywhere on Mat(154)
• HomePod Launches in Japan and Taiwan [Updated](183)
• Apple Debuts New iCloud.com Beta Site With Fresh Look, Reminders App(127)
• Bose Announces AirPlay 2-Equipped Portable Home Speaker(80)
• Law Firm Capitalizes on Reports Apple's iPhones Exceeded Radiofrequency Radiation Safety Levels in Some Tests(167)
Mac app for children. Editor’s note 08/01/2017:
This post was updated to reflect that modern authentication is now on by default for Exchange Online and Skype for Business Online.
This post was updated to reflect that modern authentication is now on by default for Exchange Online and Skype for Business Online.
Editor’s note 05/18/2016:
This post was updated to reflect that modern authentication has moved from public preview to general availability.
This post was updated to reflect that modern authentication has moved from public preview to general availability.
Editor’s note 04/18/2016:
The chart was updated to show the availability of modern authentication for Outlook on Mac OS X.
The chart was updated to show the availability of modern authentication for Outlook on Mac OS X.
Editor’s note 12/17/2015:
The chart was updated to show the availability of modern authentication for iOS and Android.
The chart was updated to show the availability of modern authentication for iOS and Android.
Original post:
Today’s post was written by Paul Andrew, technical product manager for Identity Management on the Office 365 team.
Today’s post was written by Paul Andrew, technical product manager for Identity Management on the Office 365 team.
We’re constantly expanding the range of Office 365 products and services that support Modern Authentication. As we continue to enable enhanced identity scenarios, you can keep track of our progress below. Here’s a summary of the updates:
- Modern authentication in the Office 2013 Windows client and in the Office 2016 Windows client are complete and at GA.
- All users of Office 365 modern authentication can now get production support through regular Microsoft support channels.
- Use of Office 365 modern authentication is now on by default for Office 2016.
- As of August 1, 2017, for all newly created Office 365 tenants, use of modern authentication is now on by default for Exchange Online and Skype for Business Online.
- An updated table of client software compatibility is now available.
What is modern authentication?
Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party Identity Providers with Office client applications, smart card and certificate-based authentication, and it removes the need for Outlook to use the basic authentication protocol. The chart below shows the availability of modern authentication across Office applications.
Office client application | Windows | Mac OS X | Windows Phone | iOS | Android |
Office clients | Available now for Office 2013 and Office 2016. | Available now for Office 2016. Also available for OneNote 2014. | Available now. | Word, Excel and PowerPoint are available now for both phones and tablets. | Word, Excel and PowerPoint are available now for both phones and tablets. |
Skype for Business (formerly Lync) | Included in Office client. | Available now. | Available now. CBA and other modern features not yet supported. | Available now*. | Available now*. |
Outlook | Included in Office client. | Available now. | Coming soon. | Available now. | Available now. |
OneDrive for Business | Included in Office client. | Available now. | Available now for Windows Phone 8.1. | OneDrive for Business is available now. | OneDrive for Business is available now. |
Legacy clients | There are no plans for Office 2010 or Office 2007 to support ADAL-based authentication. | There are no plans for Office for Mac 2011 to support ADAL-based authentication. | There are no plans for Office on Windows Phone 7 to support ADAL-based authentication. | There are no plans to enable older Outlook iOS clients. | There are no plans to enable older Outlook Android clients. |
*Not recommended for split domain configuration that includes both Skype for Business Online and Skype for Business Server.
Getting started with modern authentication
To use Office 365 modern authentication follow these steps:
- If you are using Active Directory Federation Services (ADFS), then first review the caveats with modern authentication published here.
- Use PowerShell to enable your Exchange Online service for modern authentication as described here and Skype for Business Online as described here. SharePoint Online is already enabled.
- Enable any Office 2013 users to use modern authentication as described here. Office 2016 and most other Office client software is already enabled as shown in the table below. Details about setting up Office clients is described here.
Also note that to use modern authentication with Office 2013 you will need the March 2015 update patch described here.
For Office 365 administrators, we have documentation on enabling MFA here.
For Office 365 users, we have documentation on using MFA here.
Frequently asked questions
Q. Is modern authentication enabled by default?
A. In order to support the various methods of authentication chosen by organizations around the world, we have production support for these features but only enable by default in certain circumstances. Modern authentication is enabled by default on Office 2016 clients and other clients as described in the article. It is also enabled by default for Exchange Online and Skype for Business Online, for all newly created Office 365 tenants.
Q. I applied to the preview program; do I need to do anything else to use Office 365 modern authentication?
A. If you applied before November 17, 2015, refer to this article to verify that your tenant was enabled. On or after November 17, 2015, use instructions from the article to enable your tenant.
Q. What if I was previously accepted into the TAP, private preview or public preview for modern authentication?
A. No action is needed from you. You can verify your tenant state for Exchange Online by using the instructions here and Skype for Business Online as described here.
Q. How do Office 2013 and Office 2016 use modern authentication?
A. Read aka.ms/ModernAuthClients for more details.
Q. Does Office 365 modern authentication require any specific Office 365 SKUs?
Xbox App For Mac
A. No. Any Office 365 SKU can use modern authentication.
Q. What is required for to use a third-party identity provider with ADAL-based authentication?
https://writerssupernal.weebly.com/yellow-light-app-for-mac.html. A. The third-party identity provider should be tested and qualified for use with ADAL with the Azure Active Directory federation compatibility list. There is an updated test tool for testing ADAL with identity providers available at testconnectivity.microsoft.com. Select Install Now towards the bottom of the page. Once the Microsoft Connectivity Analyzer Tool is downloaded and running, select the test called: I can’t set up federation with Office 365, Azure or other services that use Azure Active Directory.
Q. What Office 2013 Windows clients are included in the update?
Auth App For Mac Pro
A. Word 2013, Excel 2013, PowerPoint 2013, Lync 2013, Outlook 2013, Publisher 2013, Visio 2013, Access 2013, Project 2013 and OneDrive for Business Sync Client.
Q. What is ADAL?
Google Auth App For Mac
A. ADAL is the Active Directory Authentication Library that is used in Office 365 modern authentication. Details about ADAL are available here.
Free App For Mac
Q. Can I use modern authentication with PowerShell?
Gopro App For Mac
A. Azure AD PowerShell has support for modern authentication in public preview as described on the Active Directory Team Blog. SharePoint Online Management Shell has support for modern authentication available from here.