M365 Changelog: Microsoft Authenticator Lite (for Outlook) Support in Legacy, Per-user MFA Policy

MC664476 – Microsoft has recently made Microsoft Authenticator Lite (for Outlook) Generally Available. Until now, a prerequisite to using this feature was to have Microsoft Authenticator enabled in the modern Authentication methods policy. We’re now also making it available as a part of the “Notifications through mobile app” method in the legacy, per-user MFA policy

Note: Microsoft strongly recommends migrating your authentication methods to the Authentication methods policy. The ability to manage authentication methods in the legacy, per-user MFA policy will be retired September 30th, 2024. 

When this will happen:

Starting mid-September 2023, Microsoft will update the “Notification through mobile app” method in the legacy, per-user MFA policy where if it’s enabled, then Microsoft Authenticator Lite is also enabled. 

How this will affect your organization:

If your organization still manages authentication methods in the legacy, per-user MFA policy and “Notification through mobile app” is enabled as a method there, users who aren’t already using the Microsoft Authenticator app will see the option to set up Microsoft Authenticator Lite in Outlook.

What you need to do to prepare:

If your organization doesn’t want use Microsoft Authenticator Lite, you’ll need to update where you manage Microsoft Authenticator as an authentication method in order to disable Authenticator Lite. You can do so by following these steps:

  1. Navigate to the modern, Authentication methods policy in the Microsoft Entra admin center.
  2. Select the Microsoft Authenticator method.
  3. Enable the method under the “Enable and Target” tab.
  4. Disable Microsoft Authenticator on companion applications under the “Configure” tab.
  5. Navigate to the legacy, per-user MFA policy.
  6. Under verification options, disable “Notification through mobile” app as a method there.

You can continue to manage the remainder of your authentication methods in the legacy, per-user MFA policy while Microsoft Authenticator is managed in the Authentication methods policy.

If you’d like to inform your end users about the new Authenticator Lite experience, consider using the templates here.

Additional information