What Microsoft Authenticator does
Microsoft Authenticator offers several authentication methods, including push notifications, verification code entry (number matching), and Time-based One-Time Password (TOTP) codes. It also facilitates passwordless sign-in using Microsoft Entra ID and provides a secure storage location for passkeys, enabling FIDO2 authentication. The app supports both personal and work accounts, simplifying credential management and enhancing security for users.
Microsoft Authenticator in Australian tenants today
In Australia, Microsoft has defaulted to number matching as the primary MFA method within Microsoft Authenticator, reflecting a shift away from SMS-based MFA, as recommended by the ACSC Essential Eight. Organisations are actively migrating users from SMS to more secure MFA options to mitigate risks associated with SIM swapping and interception. Microsoft is progressively rolling out passkey support through the Authenticator app, aligning with evolving security standards and the Australian Voluntary AI Safety Standard’s emphasis on secure authentication methods. Compliance with APRA CPS 234 and CPS 230 requires robust MFA controls.