Enable mobile app authentication with Microsoft Entra Multifactor Authentication Server
The Microsoft Authenticator app offers an extra out-of-band verification option. Instead of placing an automated phone call or SMS to the user during login, Microsoft Entra Multifactor Authentication pushes a notification to the Authenticator app on the user's smartphone or tablet. The user simply taps Verify (or enters a PIN and taps "Authenticate") in the app to complete their sign-in.
Using a mobile app for two-step verification is preferred when phone reception is unreliable. If you use the app as an OATH token generator, it doesn't require any network or internet connection.
Important
In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Microsoft Entra Multifactor Authentication service by using the latest Migration Utility included in the most recent Microsoft Entra Multifactor Authentication Server update. For more information, see Microsoft Entra Multifactor Authentication Server Migration.
To get started with cloud-based MFA, see Tutorial: Secure user sign-in events with Microsoft Entra Multifactor Authentication.
Important
If you have installed Microsoft Entra Multifactor Authentication Server v8.x or higher, most of the steps below are not required. Mobile app authentication can be set up by following the steps under Configure the mobile app.
Requirements
To use the Authenticator app, you must be running Microsoft Entra Multifactor Authentication Server v8.x or higher
Configure the mobile app settings in MFA Server
- In the MFA Server console, select the User Portal icon. If users are allowed to control their authentication methods, check Mobile App on the Settings tab, under Allow users to select method. Without this feature enabled, end users are required to contact your Help Desk to complete activation for the Mobile App.
- Check the Allow users to activate Mobile App box.
- Check the Allow User Enrollment box.
- Click the Mobile App icon.
- Populate the Account name field with the company or organization name to display in the mobile application for this account.