Redmond plans to achieve this by including MFA capabilities in the Outlook email client. According to a new Microsoft 365 roadmap entry, users can directly complete MFA requests for Microsoft 365 apps in the Outlook app through a new feature called Authenticator Lite.
The feature will provide users with an extra layer of security when logging into their work or school account through Outlook.
The new feature will be available in the Outlook mobile apps for iOS and Android devices, requiring users to enter a code or approve a notification after entering their password.
Boost MFA adoption
Microsoft’s decision aims to boost MFA adoption among Microsoft 365 users. Outlook has a more extensive user base than Microsoft’s Authenticator app, with more than 500 million downloads on Android and 5.5 million reviews on iOS. In contrast, the Authenticator app has 50 million downloads on Android and 233,100 reviews on iOS.
Once rolled out, the new Authenticator Lite feature will enable millions more Microsoft 365 customers to use MFA to secure their accounts. With MFA authentication integrated directly into Outlook mobile apps, users can authenticate their sessions easily without switching between multiple apps.
Alex Weinert, Microsoft’s Director of Identity Security, noted that MFA reduces the risk of account compromise by more than 99.9%, regardless of the password, and makes it harder and costlier for attackers to break into accounts.
A study showed that less than 0.1% of accounts using any MFA were compromised. In the same effort to encourage MFA adoption, Microsoft-owned GitHub announced that two-factor authentication (2FA) would be mandatory for all active developers from today.
According to Microsoft’s estimations, the new Authenticator Lite feature will be available worldwide by the end of the month. With Microsoft’s strategic move to take advantage of Outlook’s user base, the company will likely see increased adoption of MFA across the Microsoft 365 platform.
By enabling Authenticator Lite, Microsoft reinforces its commitment to providing users with secure and robust authentication solutions to protect their accounts.
Also read: Diary of a ransomware attack: attack, recovery, best practices