Allow multiple devices to be configured for mobile app MFA verification
Request to allow multiple devices to be registered to use the Microsoft Authenticator app.
John W. commented
As of about 10 months ago, my company has been able to register multiple devices with the authenticator app for a single account. We've secured our admin account this way. We didn't have to prompt Microsoft to do this - it just started working.
To secure our admin account, we logged in to the admin account via office.com, clicked the name of the account in the upper-right corner, clicked "My Account", clicked "Manage security and privacy", clicked "Update your phone numbers used for account security", checked the box next to "Authenticator app or Token" and clicked on "Set up Authenticator app" to begin the device registration process. At the moment we have 6 phones setup with the account. All 6 phones receive an authenticator prompt if someone tries to login to the admin account.
Each of our individual user accounts can register multiple devices as well.
I'm not sure why Microsoft has not commented on this thread yet, but I've been watching this for years. For us, it seems to be a functioning feature now...
Sandra Sjonbotn Brattli-Aspvik commented
Really wish this was a feature. We're a small company sharing the admin account, but at this point we are being forced to create three global admins to have access to the portal.
ja bitte umsetzen ist wichtig
May this document helps you out;
This would definitely be useful for shared mailboxes.
We have shared and i need to approve on my phone when another admin needs to authenticate
If i die they are screwed ;)
Chuko Itoje commented
More votes e.g. 2-3k, required for Microsoft to take action.
Scott Abbotts commented
I'm an O365 admin with several tenants/organizations, so to be able to use password-less authentication would make life so much easier.
But right now:
One of the prerequisites to create this new, strong credential, is that the device where it resides is registered within the Azure AD tenant, to an individual user. Due to device registration restrictions, a device can only be registered in a single tenant. This limit means that only one work or school account in the Microsoft Authenticator app can be enabled for phone sign-in.
Right now it is possible to use different devices for 2Fa on Hotmail-Accounts or OneDrive-Accounts. Definetly needed in O365 for our company! Hope you can enable this soon!
Frederick Worboys commented
Authenticator would be extremely handy on Office 365 accounts. It would be extremely helpful Authenticator can be available for use on multiple devices to negate difficulties that arise when the one nominated device fails or is lost or stolen.
This use to be possible on office365. I have just bought a new iPhone and updated my MFA codes for Google, AWS, Bitbucket, Dropbox for my new device and existing iPad. The only service that is difficult to navigate and ultimately doesn't do what I'd like it to do is Office365.
needed on Office 365!
Right now it is possible to use different devices for 2Fa on Hotmail-Accounts or OneDrive-Accounts. Definetly needed on 365 for me!
There is definitely a security need for a rolling shared secret to lock down access for a public device. Static passwords are fine for employee turnover instances, but a multi-user configurable 2FA would be ideal.
This is completely ridiculous. What if you forget your device at home? You can't work that day?
In the 21st century with several types of devices and operating systems having this limitation doesn't make any sense, even if it is for "security reasons".
I have two suggestions:
- MS Authenticator Web app - Accessible from any trusted computer
- Authy (competitor application with browser addins for Chrome and Firefox)
This would help us lock down our admin account
I use multiple devices and need the ability to switch phones, but still have access to my accounts and not rely on SMS or inputting codes. It's possible, but the service needs to allow for it.