Azure-docs: Please support Privacy
I am looking for a privacy conscious way to get 2FA to work with Azure which I can use myself and recommend to colleagues.
What I've tried before:
- searched but didn't find the Microsoft Authenticator App on the F-Droid store
- searched but didn't find the source code of the Authenticator App on github for review
- looked at the FAQ if there is a link to the source code of F-Droid mentioned somewhere
- looked at an existing 2FA open source app (e.g. Aegis https://github.com/beemdevelopment/Aegis) that can be used instead of Google Authenticator to see if they supported azure as well but found only:
https://github.com/beemdevelopment/Aegis/issues/25
IMHO supporting Aegis sounds like the best choice, because:
- they already have support for Google Authenticator, Github, Instagramm and Facebook
- and you don't need an additional app.
- also according to the aforementioned issue, they already looked at supporting azure themselves - so maybe they would do all the work.
Alternatively, open sourcing the app would also work, because:
- it would allow a code review
- and allow the creation of a F-Droid package.
What do you think?
Take care,
Martin
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 640b9158-3bba-2f76-b9f1-c2660e530062
- Version Independent ID: d6d2980d-b36b-9dc3-5c0c-4abed8d19ae2
- Content: Download and install the Microsoft Authenticator app - Azure AD
- Content Source: articles/active-directory/user-help/user-help-auth-app-download-install.md
- Service: active-directory
- Sub-service: user-help
- GitHub Login: @curtand
- Microsoft Alias: curtand
8
All 6 comments
@8 Thanks for the question! We are investigating and will update you shortly.
CHEEKATLAPRADEEP-MSFT
on 9 Feb 2020
I'm not familiar with Azure, but Aegis does work with Office 365 if you select "Setup application without notifications", so perhaps there's a similar option in Azure.
alexbakker
on 10 Feb 2020
@alexbakker, Thank you for reaching out. The MFA engine (PhoneFactor Service) is the only MFA service which is used by Azure AD as well as O365. I would suggest you to test the same app with Azure AD once and check if that gets you the MFA done. As far as I think it should work, but you can test and confirm the same. From my end I will also try to test this out once and share my findings.
I will keep you updated with my findings.
souravmishra-msft
on 11 Feb 2020
@alexbakker, I just tried using the Ageis Authenticator app with Azure for doing the 2FA and it works fine. To set that up, you need to follow the following steps:
- Login to https://aka.ms/mfasetup
- From the Dropdown, select "Use verification code from app or token"
- Check the Authenticator app or Token checkbox and select "Set up the Authenticator App"
- Once the dialog box opens up, check for the option "Configure app without notifications", select the option.
- Once you select that option, you would see a new QR code being generated, and an Account Name and Secret Key being displayed. You can either scan this QR code using your Ageis 2FA app or use the information like Account Name and Secret Key to set the account manually.
The steps mentioned above works fine with Google Authenticator app also.
Hope this helps.
souravmishra-msft
on 11 Feb 2020
closing this thread now
souravmishra-msft
on 13 Feb 2020
Thanks a lot, without your explanation I would not have been able to get it working! It worked with Aegis! :)
Later in the progress, azure still asks for a phone number as a second method, but it's possible to cancel that and the login still works.
Take care,
Martin
8
on 17 Feb 2020
Related issues
paulmarshall
·
3Comments
monteledwards
·
3Comments
varma31
·
3Comments
behnam89
·
3Comments
AronT-TLV
·
3Comments
Most helpful comment
@alexbakker, I just tried using the Ageis Authenticator app with Azure for doing the 2FA and it works fine. To set that up, you need to follow the following steps:
The steps mentioned above works fine with Google Authenticator app also.
Hope this helps.