My company is now enforcing all personnel to use Microsoft Authenticator. Is this support level (Android version 11, API level 30) in SFOS 4.5.0.21 enough for the Authenticator to be installed and to be useable too?
cheers,
Heikki
i tried recently, and it didn't seem to succeed at its task (of preventing the work laptop from pestering me with authentication requests).
that said, i have no desire to have authenticator on my phone, so i made zero effort to triage the problem.
There is a thread on Microsoft Answers on alternative ways of authenticating. You can also try to use Yubikey instead.
What authentication mode do you use? I'm also supposed to use authenticator, but it could in the Microsoft account settings be replaced by any TOTP app, for instance Foil Auth. I think this was also already addressed somewhere in the forum. I will search for it.
I'm using Microsoft Authenticator on my 10III (SFOS 4.5.0.24). I needed to install MicroG to get it working (if I remember correctly). There are several posts here about how to install MicroG.
You can also use SailOTP or other OTP solutions from Storeman to authenticate using native SFOS apps
This is important, not only on SailfishOS, but generally.
Microsoft Authenticator is still in the Embrace phase of EEE, therefore still following open standards which means you can use any other application which can generate TOTP (time-based one-time) auth tokens.
There is no doubt Microsoft will move to a different scheme once they have affirmed their grip on the industry, but for now this works.
I'm using FoilAuth for our Company-2FA. I'm glad our management has technical skills and knows which OS/Company can be trusted or not and is open minded for alternative OS/solutions.
I think for some services, e.g. access to Microsoft 365 (e.g. for the work mailbox), if the organization requires the use of a 2nd factor it is possible to use e.g. a standard TOTP authentication (making it possible to use native SFOS applications like FoilAuth or SailOTP).
For other services, like a passwordless login on a (e.g. business) Windows laptop, Microsoft describes only their Authenticator app as a suitable tool. In that case, I'm not sure whether there is an alternative way to grant the access in a similar way.
When first logging in with 2FA on MS accounts, it makes it sound like "Microsoft Authenticator" is required. But it supports TOTP from any app. If you still can log into your account for a last time using classical ways (e.g. 2FA using SMS), then you can do:
(I did for the web client since I don't use Windows as OS)
(This is my approximate translation into English)
- click on my name top right corner of the web application.
- click "My account"
- click "My sign-ins"
- click "Security information"
- click "Add a connection method"
The drop-down menu should list "Authenticator application (time-based one-time password)". It displays a QR code which you can read in SailOTP, or you can ask it to display the secret in text form and you can input it in other TOTP clients (apart from SailOTP, it worked for me with https://totp.app and unix CLI pass-otp).
Edit: My company also made it sound like we needed Microsoft Authenticator. I raised a ticket asking for them to supply me a phone or tablet with the software installed. They answered it works with any TOTP app.
SailOTP can be used if the Third-party software OATH tokens is enabled.
True, they are hardening the Microsoft Authenticator app; as published in: It's Time to Hang Up on Phone Transports for Authentication - Microsoft Community Hub and enforced in October.
MC650420 if you have access to the Message Center
Thanks to all who commented, and especially to those many that suggested trying other OTP (as MS still has it possible). I installed SailOTP, showed the QR code and bazam, it worked for accessing intranet etc in the company.
Thanks again, good sailing to all
I'm on Xperia 10 III, on Sailfish OS 4.5.0.24 with Play Service installed, and it works well.
Works for me on Xperia 10 iii, SFOS 4.5.0.24 without (!) Play Services!
Just curious how many have just used FoilAuth (or Yubi)? The Microsoft Authenticator "issue" is the same as the "Google Authenticator" issue. I have not yet failed with FoilAuth for ANY service that is actually just doing TOTP.
I'd say they moved on to Extend: It seems they already "improved" their Authenticator with push notifications, because involving half the internet in every login must be a good thing.
Somebody found a tedious workaround:
Perhaps we should just enjoy plain TOTP while it's still possible where the Microsoft Authenticator is required. (Edit to clarify context.)
Well, that's a bit like "https" while it lasts. Microsoft Authenticator could make it so it is no longer usable with other parties, but that would kinda force people to use, well, google authenticator and it would be "lights out" for MS. It might be real walled garden, in which case your employer better provide the device.
My company implemented 2 years ago the 2-step authentication of office 365 with microsoft authenticator. I forced them to enable OTP to avoid using that app and use one of the many OTP compatible apps.
Authenticator push including two digit verification code, all works fine.
So even if TOTP is disabled by policy, it's no issue.
I meant that in the context where the MS Authenticator is required and have updated my post accordingly. While general use of TOTP would be unaffected, I assume Microsoft is going to promote - and eventually require - their own security "improvements" for accessing things like Office365, cloud storage, cloud hosting and enterprise services.
The forum thread I linked is about just such a situation. The original poster was required to use the MS Authenticator with push notifications at their workplace - and also required to bring a personal device running the app, as the company would not supply one.
I understand the argument, I'm just not sure it won't lead to "friction" within organizations. The assumption that one ONLY has microsoft apps AND that one can use multiple Authentication apps in an enterprise (say the size of VW) is a bit of a stretch. I realize that the larger companies tend to opt "all in" on MS products, but, they also do push back under certain circumstances. This feels like an instance of overstepping but maybe the Jira/Confluence (etc, etc) integration is better than I remember?