Microsoft will soon accelerate multi-factor authentication (MFA) for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client.
The company says in a new Microsoft 365 roadmap entry that users can complete MFA requests for Microsoft 365 Apps directly in the Outlook app via a new feature called Authenticator Lite.
Authenticator Lite allows users to sign in to their work or school accounts through Outlook with an extra layer of security.
The feature will be available in Outlook mobile apps for iOS and Android devices and will likely require users to enter a code or approve a notification after entering their password.
“Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device,” explains Microsoft .
Currently, Microsoft 365 MFA requests can be completed using verification codes obtained via an authenticator app (Microsoft’s authenticator app or third-party authenticator apps), security key, phone call, or text messages.
Once the new Authenticator Lite capabilities are rolled out to Outlook users worldwide (by the end of the month, Microsoft estimates), they will also be able to complete authentication requests in Outlook.
Leveraging the Outlook user base
Microsoft’s decision could boost MFA adoption among Microsoft 365 users, since Outlook has a much larger user base than Microsoft’s authenticator app.
The Outlook app has more than 500 million downloads on Android and 5.5 million reviews on iOS, while the Authenticator app has 50 million downloads on Android and 233,100 reviews on iOS.
Once launched, the new Authenticator Lite feature will enable hundreds of millions more Microsoft 365 customers to enable and use MFA to secure their accounts.
By integrating MFA authentication directly into Outlook mobile apps, it becomes much easier for users to authenticate their sessions without having to switch between multiple apps.
Microsoft’s director of identity security, Alex Weinert, said a few years ago that MFA reduces the risk of account compromise by more than 99.9%, regardless of the password.
Weinert added that MFA makes it more difficult and costly for attackers to break into accounts. He cited a study that showed less than 0.1% of accounts using MFA were compromised.
As part of the same push to encourage MFA adoption, Microsoft’s GitHub announced that starting today, two-factor authentication (2FA) will be mandatory for all active developers.
