Microsoft Authenticator app lock now enabled by default

Howdy folks,

We're always listening to your feedback about Microsoft and what we can do to make the app more secure and easier for end users. A few years ago, we released our App Lock feature in response to feedback that you wanted to make sure your app was secured by a PIN or biometric. Last month, we expanded App Lock's protection. Now, if App Lock is enabled, when you approve any notification, you'll also have to provide your PIN or biometric.

With our latest release, as part of our effort to make your sign-in experience even more secure, App Lock will be enabled by default if you've set up a PIN or biometric on your device.


Try it out

If you don't have the Microsoft app yet, get it here. You'll need to be on version 6.4.22+ on iOS to try this out.

We've been rolling out this feature to iOS TestFlight starting today, and we'll be gradually rolling out to all users over the next few weeks. The update will come to Android next month.

How different notifications will work

and MSA MFA notifications

Currently, when the notification arrives on the phone, you can click approve/deny from the lock screen. However, when app lock is enabled, you will have to launch the app (on iOS) or launch a dialog (on Android) before you can click approve/deny, and you'll also need to provide an additional PIN/bio gesture to successfully . Thus, even if you leave your phone unlocked on your desk and walk away, a passerby cannot approve the notification for you.


Enterprise on-premise MFA notifications that already require a PIN

The flow will remain as it is today. After you interact with the notification, you will need to provide your MFA pin (not your device pin). In subsequent approvals, you will have the option to use your device bio gesture instead of your MFA pin.

and MSA Phone sign-in notifications

The flow will remain as it is today.

Additional questions

If you have questions, check out our FAQ page.

Also, we want to hear from you! Feel free to leave comments down below or reach out to us on Twitter (@AzureAD)

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

Learn more about Microsoft identity:


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.