M365 Changelog: (Updated) Microsoft Authenticator Lite in Outlook

MC532607 – Updated May 17, 2023: Today Microsoft is starting rollout for Authenticator Lite (in Outlook) to enter GA! The Microsoft managed value of this feature will be changed from ‘disabled’ to ‘enabled’ on June 9th. Microsoft has made some changes to the feature configuration, so if you made an update before GA (5/17), please validate that the feature is in the correct state for your tenant prior to June 9th. If you do not wish for this feature to be enabled on June 9th, move the state to ‘disabled’ or set users to include and exclude groups.

Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication for their work or school account using Outlook on their iOS or Android device. This feature will be enabled on June 9th for all tenants that have not disabled it. If you do not wish for this feature to be enabled on June 9th, move the state to ‘disabled’ or set user include and exclude groups prior to June 9th.

Microsoft always recommends having users download Authenticator to complete their sign-ins, where it can offer the most up-to-date security features. However, users that have not downloaded the app to their device can now approve authentication requests and receive TOTP codes in Outlook, bringing the security of Authenticator to a convenient location.

Admins can enable this feature by leveraging the Authentication Methods policy in Azure Active Directory. 

This message is associated with Microsoft 365 Roadmap ID 122289

When this will happen:

Rollout of this feature in Outlook will begin in early March, starting public preview. Feature controls are available via MS Graph.

This feature will move to general availability in mid-May 2023

On June 9th, this feature will be enabled for all users by default unless admins have taken action to disable or enable it before then. Any settings configured before June 9th will not be changed.

What you need to do to prepare:}

Starting mid-March, you can choose to enable this preview for your users from Azure Active Directory. Microsoft highly recommends that you enable users that are not already using the Microsoft Authenticator app (or another strong authentication method) for this feature at the start of public preview. This feature brings a security enhancement to those users still using telecom transports to authenticate.

This feature will roll out to tenants in the state ‘Microsoft managed’. For the duration of public preview, leaving the feature set to ‘Microsoft managed’ will have no impact on your users and the feature will remain turned off. In April 2023, Microsoft will remove preview tags and enter general availability. At GA, ‘Microsoft managed’ will remain set to disabled and there will be no tenant impact. On June 9th 2023, if the feature is still set to ‘Microsoft managed’, your tenant will be eligible to be enabled for this feature by Microsoft, as ‘Microsoft managed’ will be set to enabled. If you do not wish for this feature to be enabled on June 9th, move the state to ‘disabled’ or set users to include and exclude group prior to June 9th

View image in new tab

Additional information