Common questions about the Microsoft Authenticator app - Microsoft Support.

pdf
Saved to Dropbox • May 11, 2024 at 11:40 PM

Sign
 

Support 
 Related topics

Common questions about the

Microsoft Authenticator app
Our free trial of Microsoft 365 is waiting for you

Unlock now

This article answers common questions about the Microsoft Authenticator app. If you
don't see an answer to your question, go to the Microsoft Authenticator app forum .

The Microsoft Authenticator app replaced the Azure Authenticator app, and it's the
recommended app when you use two-step verification. The Authenticator app is
available for Android and iOS .

Frequently asked questions

Select the headings below to see more information

Microsoft Authenticator versions

Q: Which version of the Authenticator app should I be using?
A: To ensure that you stay secure, Microsoft continuously updates the Microsoft
Authenticator App with new security features. Older versions of the app may stop
working as important security features are released. To guarantee that your
Authenticator App can complete authentications, you should be running the latest
version of the app. By using an older application version, your app is susceptible to
malfunction and may cause issues completing authentications. If you are blocked from
signing into your account and are using an older version of the Microsoft Authenticator
App, Microsoft asks that you first verify you are running the latest version and, if not,
that you update via your device’s application store.

Microsoft will also periodically retire old versions of the Authenticator App. If the version
of the app you are using is retired, you will be required to update your application
before you can continue using it to sign in to your account. If you are using a mobile
device that does not support modern versions of the Microsoft Authenticator App, we
recommend notifying your admin and using a time-based one-time password (TOTP) in
the Microsoft Authenticator App to complete two-factor authentication.

Get the latest version of the app

Permission to access your location

Q: I got a prompt asking me to grant permission for the app to access my
location. Why am I seeing this?

A: You will see a prompt from the Authenticator app asking for access to your location if
your IT admin has created a policy requiring you to share your GPS location before you
are allowed to access specific resources. You’ll need to share your location once every
hour to ensure you are still within a country where you are allowed to access the
resource.

On iOS, Microsoft recommends allowing the app to access location always. Follow the
iOS prompts to grant that permission. Here’s what each permission level will mean for
you:

Allow while using the app: If you choose this option, you’ll be prompted to select
two more options.
 Always allow (recommended): While you’re still accessing the protected resource,
for the next 24 hours, your location will be shared silently once per hour from
the device, so you will not need to get out your phone and manually approve
each hour.

Keep only while using: While you’re still accessing the protected resource, every
hour, you’ll need to pull out your device and manually approve the request.

Allow once: Once every hour that you’re still accessing the resource, or next time
you try to access the resource, you’ll need to grant permission again. You will
need to go to Settings and manually enable the permission.

Don’t allow: If you select this option, you’ll be blocked from accessing the
resource. If you change your mind, you will need to go to Settings and manually
enable the permission.

On Android, Microsoft recommends allowing the app to access location all the time.
Follow the Android prompts to grant that permission. Here’s what each permission level
will mean for you:

Allow all the time (recommended): While you’re still accessing the protected
resource, for the next 24 hours, your location will be shared silently once per
hour from the device, so you will not need to get out your phone and manually
approve each hour.

Allow only while using the app: While you’re still accessing the protected
resource, every hour, you’ll need to pull out your device and manually approve
the request.

Deny and don’t ask again: If you select this option, you’ll be blocked from
accessing the resource.

Q: How is my location information used and stored?

A: Authenticator collects your GPS information to determine what country you are
located in. The country name and location coordinates are sent back to the system to
determine if you are allowed to access the protected resource. The country name is
stored and reported back to your IT admin, but your actual coordinates are never saved
or stored on Microsoft servers.
or stored on Microsoft servers.

Q: Why do push notifications show an incorrect address?

A: Authenticator push notifications can include your location to provide better sign-in
security. Authenticator depends upon APIs from the underlying operating system and
other backend services to provide the location. In some cases, push notifications may
show an incorrect address that Authenticator received, or they may show an
approximate address on a map.

Deny requests with modified location

Q: Why is my sign-in denied because of my location?

A: Users can modify the location reported by iOS and Android devices. As a result,
Microsoft Authenticator is updating its security baseline for location-based Conditional
Access policies. Authenticator will deny authentications where the user may be using a
different location than the actual GPS location of the mobile device where Authenticator
installed.

In the November 2023 release of Authenticator, users who modify the location of their
device will get a denial message in Authenticator when they try location-based
authentication. Beginning January 2024, any users that run older Authenticator versions
will be blocked from location-based authentication:

Authenticator version 6.2309.6329 or earlier on Android

Authenticator version 6.7.16 or earlier on iOS

To find which users run older versions of Authenticator, use Microsoft Graph APIs.

Backup and recovery

Q: I got a new device or restored my device from a backup. How do I set up
my accounts in Authenticator again?

A: If you turned on Cloud Backup on your old device, you can use your old backup to
recover your account credentials on your new iOS or an Android device. For more info,
see the Backup and recover account credentials with Authenticator article.

Lost device
Q: I lost my device or moved on to a new device. How do I make sure
notifications don't continue to go to my old device?

A: Adding Authenticator to your new device doesn't automatically remove the app from
your old device. Even deleting the app from your old device isn't enough. You must both
delete the app from your old device AND tell Microsoft or your organization to forget
and unregister the old device.

To remove the app from a device using a personal Microsoft account, go to the
two-step verification area of your Account Security page and choose to turn off
verification for your old device.

To remove the app from a device using a work or school Microsoft account, go
to the two-step verification area of either your My Apps page or your
organization's company portal to turn off verification for your old device.

Notification blocks sign-in

Q: I’m trying to sign in and I need to select the number in my app that’s displayed
in screen, but
the notification prompt from Authenticator is blocking the screen. What do I do?

A: Select the ““I can’t see number” option on the notification so you can see the sign-
in screen and the number you need to select. The prompt reappears
after 3 seconds, and you can select the correct number then.

Notifications are expired

Why are my notifications in Authenticator always expired?

A: Authenticator requires your mobile device clock to accurately report your local time. If
your device clock is set to manual, reconfigure your system clock to automatic. After
updating your clock, restart your device and make sure the new time is set correctly.

Registering a device
Q: Is registering a device agreeing to give the company or service access to
my device?

A: Registering a device gives your device access to your organization's services and
doesn't allow your organization access to your device.

Error adding account

Q: I can't add my work or school account to Microsoft Authenticator and I am
receiving the following error: “We could not complete the sign-in at this time.
Please ensure push notifications are enabled in Settings and your network
connection is stable.”

A: Press OK to dismiss the message and then go to Settings and make sure push
notifications are enabled and you have network connectivity. You can also remove
your account and attempt the sign in again. If you are still not able to add your account,
please reach out to your admin.

Q: I can't add my work or school account to Microsoft Authenticator on

Android and I am receiving one of the following errors: “Google Play services
are currently unavailable on this device,” “Sorry, only part of the set up
completed successfully,” or “Enable push notifications to receive alerts.”

A: In order to use the Microsoft Authenticator App on Android for your work or school
account, push notifications for the app must be enabled and Google Play Services and
the Google Play Store must be downloaded and enabled.

If you still have trouble, check these settings:

Make sure the device requires a PIN or biometric to unlock. Try to re-enable
faceID or fingerprint in the device settings and restart the device. Use the faceID
or fingerprint to unlock the device after restart, then try to re-enable
passwordless for the account in Microsoft Authenticator.
 If you are using Android for Work or Work Profile, make sure the PIN or
biometric is enabled for the profile in Microsoft Authenticator.

Make sure the device has hardware encryption enabled. For steps to enable
hardware encryption, see Encrypt your Android device .

Make sure the device is registered. Open Authenticator > Settings > Device
Registration. Make sure the account is registered for passwordless and is joined
to you work or school. Sign-in with this account on the device registration page,
then try enabling passwordless for the account.

Check that your phone is not running any malware like a rootkit for example.

If you are still not able to add your account, please reach out to your admin.

Q: When I try to add my account, I get an error message saying “The account
you're trying to add is not valid at this time. Contact your admin to fix this
issue (uniqueness validation).” What should I do?

A: Reach out to your admin and let them know you’re prevented from adding your
account to Authenticator because of a uniqueness validation issue. You’ll need to
provide your sign-in username so that your admin can look you up in your organization.

Q: I am having trouble adding my work or school account to my Microsoft

Authenticator app. What are the steps?

A: To add a work or school account for passwordless or two-step verification, select the
+ button in the top right corner of Microsoft Authenticator > Work or school
account > Sign in and complete the authentication on your device to add your
account.

If you are adding a work or school account for two-step verification, you can also visit
mysignins.microsoft.com > Security Info > Add sign-in method > Authenticator
App and complete the steps using the provided QR code in order to add your account.

More information about adding a work or school account to Microsoft Authenticator

can be found at Add your work or school account to the Microsoft Authenticator app .

Q: I am having trouble adding my personal account to Microsoft

Authenticator. What are the steps?
A: If you need help adding your personal Microsoft account to Microsoft Authenticator,
please visit our Microsoft account help page How to use Microsoft Authenticator .

App Lock feature

Q: What is App Lock, and how can I use it to help to keep me more secure?

A: App Lock helps keep your one-time verification codes, app information, and app
settings more secure. When App Lock is enabled, you’ll be asked to authenticate using
your device PIN or biometric every time you open Authenticator. App Lock also helps
ensure that you’re the only one who can approve notifications by prompting for your
PIN or biometric any time you approve a sign-in notification. You can turn App Lock on
or off on the Authenticator Settings page. By default, App Lock is turned on when you
set up a PIN or biometric on your device.

Unfortunately, there's no guarantee that App Lock will stop someone from accessing
Authenticator. That's because device registration can happen in other locations outside
of Authenticator, such as in Android account settings or in the Company Portal app.

Q: Why do I see PIN input rather than biometric for unlock?

A: If your using Microsoft Authenticator with an Android or iOS work profile, make sure
you add biometrics in your work profile. Biometrics for regular security don't always
carry over to work profiles.

Windows Mobile retired

Q: I have a Windows Mobile device, and the Authenticator on Windows
Mobile has been deprecated. Can I continue authenticating using the app?

A: All authentications using the Authenticator on Windows Mobile will be retired after
July 15, 2020. We strongly recommend that you use an alternate authentication method
to avoid being locked out of your accounts.

Alternate options for enterprise users include:

 Setting up the Authenticator for Android or iOS .

Setting up SMS to receive verification codes.

Setting up a phone number to receive phone calls to verify their identity.

Alternate options for personal Microsoft account users include:

Setting up the Authenticator for Android or iOS .

Setting up an alternate sign-in method (SMS or email) by updating your security

info from the Microsoft Account Security page .

Android screenshots
Q: Can I take screenshots of my one-time password (OTP) codes on the
Android Authenticator?

A: Beginning with release 6.2003.1704 of Authenticator Android, by default all OTP

codes are hidden anytime a screenshot of Authenticator is taken. If you want to see your
OTP codes in screenshots or allow other apps to capture the Authenticator screen, you
can. Just turn on the Screen Capture setting in Authenticator and restart the app.

Data handling
Q: What data does the Authenticator collect and store on my behalf and how
can I delete this data?

A: The Authenticator app collects three types of information:

Account info you provide when you add your account. After adding your
account, depending on the features you enable for the account, your account
data might sync down to the app. This data is stored on your device and can be
removed by removing your account.

Non-personally identifiable usage data, such as aggregate details about success

 or failure of important operations that are used to detect decreased reliability
and bugs. This minimal data is needed to keep the app updated and secure. You
need to accept the notice of this data collection when you use the app for the
first time.

You can also allow the sharing of additional non-personal usage data by turning
on the “Usage Data” toggle button on the app's Settings page or when you use
the app for the first time. This data allows our engineers to improve the app in
ways that are important to you. This setting can be turned on or off at any time.

Diagnostic log data that stays only in the app until you select Send feedback in
the app's top menu to send logs to Microsoft. These logs can contain personal
data such as email addresses, server addresses, or IP addresses. They also can
contain device data such as device name and operating system version. Any
personal data collected is limited to information needed to help troubleshoot
app issues. You can browse these log files in the app at any time to see the
information being gathered. If you send your log files, Authenticator app
engineers will use them only to troubleshoot customer-reported issues.

For more information, review the Microsoft Privacy Statement .

Get Incident ID for customer support

Q: How can I get my Incident ID after sending logs to customer support?

A: Users can send logs to customer support and get the Incident ID with these steps:

1. Open Microsoft Authenticator.

2. Tap Send feedback in the app's top menu.

3. Fill out the form and send the feedback.

4. Note the Incident ID. Your administrator might ask for this Incident ID if they
request customer support.
Codes in the app
Q: What are the codes in the app for?

A: When you open Authenticator, you'll see your added accounts as tiles. Your work or
school accounts and your personal Microsoft accounts will have six or eight digit
numbers visible in the full screen view of the account (accessed by tapping the account
tile). For other accounts, you’ll see a six or eight digit number in the Accounts page of
the app.
You'll use these codes as single-use password to verify that you are who you say you
are. After you sign in with your username and password, you'll type in the verification
code that's associated with that account. For example, if you're Katy signing in to your
Contoso account, you'd tap the account tile and then use the verification code 895823.
For the Outlook account, you’d follow the same steps.
Tap the Contoso account tile.

After you tap the Contoso account tile, the verification code is visible in full screen.

Countdown timer
Q: Why does the number next to the code keep counting down?

A: The active verification code changes every 30 seconds so that if somebody were to
learn what code you used to verify your sign in yesterday, or even a minute ago, they
wouldn't be able to use that code to get into your account. This timer is the countdown
to the verification code changing to the next code. Unlike a password, we don't want
you to remember this number. Only someone with access to your phone should be able
to get your verification code.

Caution: A common trick of attackers is to contact you via text or phone pretending to
be your bank, IT support, or other service provider and saying they need you to read
them the code from your authenticator app to verify your identity on the call. Don't give
them the code - they're trying to break into your account and are stuck at the verification
prompt. No real company should ever ask you to read your verification code to them
over the telephone - especially if they called you.
Inactive account tile
Q: Why is my account tile gray and inactive?

A: Microsoft Authenticator acts as a secure repository for your account credentials to

help you authenticate and access various applications conveniently. Authenticator may
list inactive accounts that are created by other applications that use Authenticator for
single sign-on support. These inactive accounts don't need any management and can be
safely ignored. They are a function of Authenticator that improves your overall sign-in
experience.

Device registration
Q: What is device registration?

A: Your org might require you to register the device to track access to secured resources,
such as files and apps. They also might turn on Conditional Access to reduce the risk of
unwanted access to those resources. You can unregister your device in Settings , but
you may lose access to emails in Outlook, files in OneDrive, and you'll lose the ability to
use phone sign-in.

Verification codes when connected

Q: Do I need to be connected to the Internet or my network to get and use
the verification codes?

A: The codes don't require you to be on the Internet or connected to data, so you don't
need phone service to sign in. Additionally, because the app stops running as soon as
you close it, it won't drain your battery.

No notifications when app is closed

Q: Why do I only get notifications when the app is open? When the app is
closed, I don't get notifications.

A: If you're getting notifications, but not an alert, even with your ringer on, you should
check your app settings. Make sure the app is turned on to use sound or to vibrate for
notifications. If you don't get notifications at all, you should check the following
conditions:

Is your phone in Do Not Disturb or Quiet mode? These modes can prevent apps
from sending notifications.

Can you get notifications from other apps? If not, it could be a problem with the
network connections on your phone, or the notifications channel from Android
or Apple. You can try to resolve your network connections through your phone
settings. You might need to talk to your service provider to help with the
Android or Apple notifications channel.

Can you get notifications for some accounts on the app, but not others? If yes,
remove the problematic account from your app, add it again allowing
notifications, and see if that fixes the problem.

If you tried all of these steps and are still having issues, we recommend sending your log
files for diagnostics. Open the app, go to app’s top-level menu, and then select Send
feedback . After that, go to the Microsoft Authenticator app forum and tell Microsoft
the problem you're seeing and the steps you tried.

Switch to push notifications

Q: I'm using the verification codes in the app, but how do I switch to the
push notifications?

A: You can set up notifications for your work or school account (if allowed by your
administrator) or for your personal Microsoft account. Notifications won't work for third-
party accounts, like Google or Facebook.

To switch your personal account over to notifications, you'll have to re-register your
device with the account. Go to Add Account , select Personal Microsoft Account ,
and then sign in using your username and password.

For your work or school account, your organization decides whether or not to allow one-
click notifications.

Notifications for other accounts

Q: Do notifications work for non-Microsoft accounts?

A: No, notifications only work with Microsoft accounts and Azure Active Directory
accounts. If your work or school uses Azure AD accounts, they are able to turn off this
feature.

Remove account from app

Q: How do I remove an account from the app?

A: Tap the account tile for the account you’d like to remove from the app to view the
account full screen. Tap Remove account to remove the account from the app.

If you have a device that is registered with your organization, you might need an extra
step to remove your account. On these devices, Authenticator is automatically registered
as a device administrator. If you want to completely uninstall the app, you need to first
unregister the app in the app settings.

Too many permissions

Q: Why does the app request so many permissions?

A: Here's the full list of permissions that might be asked for, and how they're used by the
app. The specific permissions you see will depend on the type of phone you have.

Location . Sometimes your organization wants to know your location before

allowing you to access certain resources. The app will request this permission
only if your organization has a policy requiring location.

Use biometric hardware . Some work and school accounts require an

additional PIN whenever you verify your identity. The app requires your consent
to use biometric or facial recognition instead of entering the PIN.

Camera . Used to scan QR codes when you add a work, school, or non-
Microsoft account.

Microphone
Microphone: Authenticator app only requests microphone permissions when
it performs voice authentication. It is not invoked during non-voice
authentication and is not on by default.

Contacts and phone . The app requires this permission to search for work or
school Microsoft accounts on your phone and add them to the app for you.

SMS . Used to make sure your phone number matches the number on record
when you sign in with your personal Microsoft account for the first time. We
send a text message to the phone on which you installed the app that includes a
6-8 digit verification code. You don't need to find this code and enter it because
Authenticator finds it automatically in the text message.

Draw over other apps . The notification you get that verifies your identity is
also displayed on any other running app.

Receive data from the internet . This permission is required for sending
notifications.

Prevent phone from sleeping . If you register your device with your
organization, your organization can change this policy on your phone.

Control vibration. You can choose whether you would like a vibration
whenever you receive a notification to verify your identity.

Use fingerprint hardware . Some work and school accounts require an

additional PIN whenever you verify your identity. To make the process easier, we
allow you to use your fingerprint instead of entering the PIN.

View network connections . When you add a Microsoft account, the app
requires network/internet connection.

Read the contents of your storage . This permission is only used when you
report a technical problem through the app settings. Some information from
 your storage is collected to diagnose the issue.

Full network access. This permission is required for sending notifications to

verify your identity.

Run at startup . If you restart your phone, this permission ensures that you
continue you receive notifications to verify your identity.

Accessibility Service . Used to optionally support Autofill on more apps and

sites.

Approve requests without unlocking

Q: Why does Authenticator allow you to approve a request without unlocking
the device?

A: You don't have to unlock your device to approve verification requests because all you
need to prove is that you have your phone with you. Two-step verification requires
proving two things--a thing you know, and a thing you have. The thing you know is your
password. The thing you have is your phone (set up with Authenticator and registered as
a two-step verification proof.) Therefore, having the phone and approving the request
meets the criteria for the second step of verification.

Activity notifications
Q: Why am I getting notifications about my account activity?

A: Activity notifications are sent to Authenticator immediately whenever a change is

made to your personal Microsoft accounts, helping to keep you more secure. We
previously sent these notifications only through email and SMS. For more information
about these activity notifications, see What happens if there's an unusual sign-in to your
account . To change where you receive your notifications, sign in to the Where can we
contact you with non-critical account alerts page of your account.

One-time passcodes
Q: My one-time passcodes are not working. What should I do?
A: Make sure the date and time on your device are correct and are being automatically
synced. If the date and time is wrong, or out of sync, the code won't work.

Default mail app

Q: While signing in to my work or school account using the default mail app
that comes with iOS, I get prompted by Authenticator for my security
verification information. After I enter that information and return to the mail
app, I get an error. What can I do?

A: This most-likely happens because your sign-in and your mail app are occurring across
two different apps, causing the initial background sign-in process to stop working and
to fail. To try to fix this, we recommend you select the Safari icon on the bottom right
side of the screen while signing in to your mail app. By moving to Safari, the whole sign-
in process happens in a single app, allowing you to sign in to the app successfully.

Signing into an iOS app

Q: I’m trying to sign into an iOS app, and I need to approve a notification on
the Authenticator app. When I go back to the iOS app, I get stuck. What can I
do?

A: This is a known issue on iOS 13+. The scenario happens when you are trying to sign
into an application or service, and you are notified by the iOS Authenticator app and
approve. Then, when you go back to the application or service you were signing into, the
service is still waiting for approval from the app. This is because the network connecting
the service you are signing into terminates and is not able to receive sign-in approval
from Authenticator, creating a loop. If this occurs to you, reach out to your support
admin for help, and provide the following details: Use Azure MFA (Azure Multi-Factor
Authentication), not MFA server . .

Q: Does Authenticator use App Transport Security (ATS) on the iOS version of
the app?

A: Yes, Authenticator on iOS uses Apple's ATS solution to support privacy and data
integrity between the app and web services for in-app functions. The in-app browser
does not utilize ATS so we can continue to support federated cloud scenarios for
customers without interruption.

Apple Watch and Android wearable device support

Q: Are Apple Watch or Android wearable devices supported for
Authenticator?

A: Apple Watch and Android wearable devices (such as Samsung Galaxy Watch) are
currently incompatible with Authenticator’s security features. With the release of
Authenticator 6.7.3 for iOS, the companion app was removed from the Apple Watch.
This change only affects wearables, so you can still mirror Authenticator notifications
from your phone to your wearable device. But how that experience looks depends on
your hardware's operating system.

Autofill with Authenticator

Q: What is Autofill with Authenticator?

A: The Authenticator app now securely stores and auto-fills passwords on apps and
websites you visit on your phone. You can use Autofill to sync and autofill your
passwords on your iOS and Android devices. After setting up the Authenticator app as
an autofill provider on your phone, it offers to save your passwords when you enter
them on a site or in an app sign-in page. The passwords are saved as part of your
personal Microsoft account and are also available when you sign in to Microsoft Edge
with your personal Microsoft account.

Q: What information can Authenticator autofill for me?

A: Authenticator can autofill usernames and passwords on sites and apps you visit on
your phone.

Q: How do I turn on password autofill in Authenticator on my phone?

A: Follow these steps:

1. Open the Authenticator app.

 2. On the Passwords tab in Authenticator, select Sign in with Microsoft and
sign in using your Microsoft account . This feature currently supports only
Microsoft accounts and doesn't yet support work or school accounts.

Q: How do I make Authenticator the default autofill provider on my phone?

A: Follow these steps:

1. Open the Authenticator app.

2. On the Passwords tab inside the app, select Sign in with Microsoft and sign
in using your Microsoft account.

3. Do one of the following:

On iOS, under Settings , select How to turn on Autofill in the

Autofill settings section to learn how to set Authenticator as the
default autofill provider.

On Android, under Settings , select Set as Autofill provider in the

Autofill settings section.

Q: What if Autofill is not available for me in Settings?

A: If Autofill is not available for you in Authenticator, it might be because autofill has not
yet been allowed for your organization or account type. You can use this feature on a
device where your work or school account isn’t added. To learn more on how to allow
Autofill for your organization, see Autofill for IT admins .

Q: How do I stop syncing passwords?

A: To stop syncing passwords in the Authenticator app, open Settings > Autofill
settings > Sync account . On the next screen, you can select on Stop sync and
remove all autofill data . This will remove passwords and other autofill data from the
device. Removing autofill data doesn't affect two-step verification.

Q: How are my passwords protected by the Authenticator app?

A: Authenticator app already provides a high level of security for two-step verification
and account management, and the same high security bar is also extended to managing
your passwords.

Strong authentication is needed by Authenticator app : Signing into

Authenticator requires a second step. This means that your passwords inside
Authenticator app are protected even if someone has your Microsoft account
password.

Autofill data is protected with biometrics and passcode : Before you can
autofill password on an app or site, Authenticator requires biometric or device
passcode. This helps add extra security so that even if someone else has access
to your device, they can't fill or see your password, because they’re unable to
provide the biometric or device PIN input. Also, a user cannot open the
Passwords page unless they provide biometric or PIN, even if they turn off App
Lock in app settings.

Passwords on the device are encrypted : Passwords on device are

encrypted, and encryption/decryption keys are never stored and always
generated when needed. Passwords are only decrypted when user wants to, that
is, during autofill or when user wants to see the password, both of which require
biometric or PIN.

Cloud and network security : Your passwords on the cloud are encrypted and
decrypted only when they reach your device. Passwords are synced over an SSL-
protected HTTPS connection, which helps prevent an attacker from
eavesdropping on sensitive data when it is being synced. We also ensure we
check the sanity of data being synced over network using cryptographic hashed
functions (specifically, hash-based message authentication code).

Autofill for IT admins

Q: Will my employees or students get to use password autofill in
Authenticator app?

A: Yes, Autofill for your personal Microsoft accounts now works for most enterprise users
even when a work or school account is added to the Authenticator app. You can fill out
a form to allow or deny Autofill for your organization and send it to the Authenticator
team . Autofill is not currently available for work or school accounts.

Q:
Q: Will
Will my
my users’
users’ work
work or
or school
school account
account password
password get
get automatically
automatically synced?
synced?

A: No. Password autofill won't sync work or school account password for your users.
When users visit a site or an app, Authenticator will offer to save the password for that
site or app, and password is saved only when user chooses to.

Q:
Q: Can
Can II add
add only
only certain
certain users
users in
in my
my organization
organization to
to the
the allowlist
allowlist for
for
Autofill?
Autofill?

A: No. Enterprises can only enable passwords autofill for all or none of their employees
at this time.

Q:
Q: What
What ifif my
my employee
employee or
or student
student has
has multiple
multiple work
work or
or school
school accounts?
accounts? For
For
example,
example, mymy employee
employee has
has accounts
accounts from
from multiple
multiple enterprises
enterprises or
or schools
schools in
in
their
their Authenticator
Authenticator app.
app.

A: All enterprises or schools added in the Authenticator app need to be allowlisted for
Autofill in Authenticator for the app owner to be able to use it. The one exception to this
restriction is when your employee or student adds their work or school account into
Microsoft cloud-based two-step verification as an external or third-party account.

Verified ID
Verified IDs are secure trusted credentials that can be used by websites and
organizations to make account setup simpler and safer.

Usually, you'll use your device's camera to capture a QR code on the site to get a new
Verified ID, or a verification of an ID already on your device. You still use your password
to access credentials to share with another organization.

Q:
Q: Can
Can II create
create my
my own
own Verified
Verified Identity?
Identity?
A: Verified IDs are issued directly from your organization or a website.

Q:
Q: Why
Why when
when II try
try to
to use
use my
my camera
camera to
to capture
capture aa Verified
Verified ID
ID QR
QR code
code it
it fails?
fails?
A: Try using the QR code capture feature directly in Microsoft Authenticator.

Q:
Q: How
How can
can II see
see which
which sites
sites are
are using
using my
my identity
identity data?
data?
A: Sites that request your Verified ID will show up in the usage history in the details of
your Verified ID card.

Next steps

If you're having trouble getting your verification code for your personal
Microsoft account, see the Troubleshooting verification code issues section of
the "Microsoft account security info & verification codes" article.

If your question wasn't answered here, we want to hear from you. Post your
question to the Microsoft Authenticator app forum to get help from the
community.

More information
Go passwordless on your device

Microsoft security help and learning

 SUBSCRIBE RSS FEEDS

Need more help?

How can we help you? 


Want more options?

 Discover
 Discover  Community
Community
Explore subscription benefits, browse training courses, learn how to secure your device,
and more.

Microsoft 365 subscription benefits Microsoft 365 training

Microsoft security Accessibility center

 Was
Was this
this information
information helpful?
helpful? Yes
Yes No
No

What's
What's new
new Microsoft
Microsoft Store
Store
Surface Laptop Studio 2 Account profile

Surface Laptop Go 3 Download Center

Surface Pro 9 Microsoft Store support

Surface Laptop 5 Returns

Microsoft Copilot Order tracking

Copilot in Windows Certified Refurbished

Explore Microsoft products Microsoft Store Promise

Windows 11 apps Flexible Payments

Education
Education
Microsoft in education

Devices for education

Microsoft Teams for Education

Microsoft 365 Education

How to buy for your school

Educator training and development

Deals for students and parents

Azure for students

Business
Business Developer
Developer &
& IT
IT
Microsoft Cloud Azure

Microsoft Security Developer Center

Dynamics 365 Documentation

Microsoft 365 Microsoft Learn

Microsoft Power Platform Microsoft Tech Community

Microsoft Teams Azure Marketplace

Copilot for Microsoft 365 AppSource

Small Business Visual Studio

Company
Company
Careers

About Microsoft

Company news

Privacy at Microsoft

Investors

Diversity and inclusion

Accessibility

Sustainability
 English (United States)

Your Privacy Choices

Consumer Health Privacy

Sitemap Contact Microsoft Privacy Terms of use Trademarks Safety & eco Recycling About our ads

© Microsoft 2024