Microsoft’s app for signing into its apps and services, Microsoft Authenticator, has been updated to send notifications when a key security event happens.
The Microsoft Authenticator app for iOS and Android devices makes it simpler for users to sign into Outlook, OneDrive, Skype and other Microsoft products like Azure Directory accounts in organizations.
Rather than typing in a password, which could be long and complex when using a password manager, Microsoft sends an in-app notification to the user’s smartphone, allowing them to press an “approve” button with a verification code in order to sign in to a Microsoft site or app on a desktop or mobile.
The app also uses on a device’s biometric sensors for approving a sign-in, such as requiring iPhone X owners to look at the device’s Face ID cameras.
Microsoft’s latest update to the Microsoft Authenticator app will send the security notifications when important events such as a password change happen on a personal Microsoft account. Users can then view their account activity and take steps to protect the account if needed.
“The goal of these notifications is to increase awareness and help you react quickly if there is unexpected activity,” explains Alex Simons from Microsoft’s Azure identity division.
The security notifications for now are available to iOS users only, but they likely will appear for Android users in the future.
Simons notes that users need to run the latest version of the iOS app available in the Apple's App Store even though the same app is also available to Android users from the Google Play Store.
“You’ll automatically start receiving alerts when we detect sensitive or unusual actions on your account, such as changing your password, adding a new phone number or email addresses, or signing in from a new device or unusual location. These notifications give you a powerful tool to understand and keep control of your account,” writes Simons.
When this occurs the Authenticator app will display a notification describing the security event and the Microsoft account it affects.
Within the app, users are presented another notification with a “Not me” and “Ok” button that needs to be selected. The notification, for example, explains that a password has been changed on a specific Microsoft account.
Microsoft says on its FAQ page about the service that when it detects a sign-in attempt from a new location or device that it adds a second layer of protection and sends the user an email message and SMS alert. It’s likely to happen when a person is traveling.
The feature could be useful to millions of Android who rely on Microsoft’s core products once it lands in the Android version of Microsoft Authenticator. The app has been downloaded more than 10 million times from Google Play.