Microsoft Authenticator app has been around for a long time, originally released as beta in 2016. It has served us well with easier and safer access to our resources using Microsoft accounts as well as Azure AD accounts. By using the app, we can do two-factor authentication without the need of email or text codes verification. Just hit the authenticate button when asked (if you know it is you it prompts for of course )
Now you can use the app as a no-password sign-in (no big news about that) but that makes the life of users and not at least security, much easier and more secure.
This blogpost is not intended to go into “how to configure the app” or using it, but to inform about a new coming feature change. Microsoft Authenticator app have had an app lock for a long time, but it was set to “off”, which means that you had to go set the setting manually on every device using the app. Well in these days where users must do more and more themselves, it is not easy to make sure they remember to set the app lock.
We have scenarios on mobile devices. I give 2 examples:
Bring your own device (BYOD) and Company owned device (COD). (I am not going to explain what they are in this blog post)
So, what is all the fuss about? Let us have an example:
If you are a family, you have times where the kids just need to cool off and you let them sit with your phone. It would be terrible bad if someone with bad intentions were trying to break into your account while the kids were playing as they just click whatever blocks there view of the current activity. That would make the intruder able to access your account and there you have it.
With this app lock you will have an extra layer of security and not just the pin / biometric of your phone.
So, what do we do about it?
Download the newest version of the Microsoft Authenticator app 6.4.22+ (Pictures in Danish)
My current version of Microsoft Authenticator
App lock NOT enabled.
Go to the App store and update if not set to automatically update your apps.
After updating a message pops up saying your app lock is now activated!
We confirm that we got the correct version installed
Perfect. App locker activated by default and that is the big news!
Intune cannot set this app lock, so it is either the manual way, or updating to the newest version.