Authentication Method - Microsoft Authenticator - Allow use of Microsoft Authenticator OTP
Defines whether users can use the OTP code generated by the Authenticator App.
| Name | isSoftwareOathEnabled |
| Control | Authentication Method - Microsoft Authenticator |
| Description | Defines configuration settings and the users or groups that are enabled to use the Authenticator App |
| Severity | High |
How to fix
Microsoft Learn - Enable OTP for Authenticator App
Details of configuration item
| Recommendation | CISA MS.AAD.3.3v2 recommends disabling Microsoft Authenticator OTP. We recommend using this method only if no stronger MFA option is available, or if it is needed for specific restore scenarios. Make sure you have configured authentication strength to require stronger, phishing-resistant authentication methods, so that authentication stronger than OTP is enforced in all other scenarios. |
| Configuration | policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator') |
| Setting | isSoftwareOathEnabled |
| Recommended Value | 'false' |
| Default Value | true |
| Graph API Docs | microsoftAuthenticatorAuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |
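
The check described above can be scripted as follows. This is an added example, not code from the original page or from Microsoft: the function name Test-AuthenticatorOtpDisabled and the sample response are constructed for illustration, and the v1.0 endpoint version in the commented live calls is an assumption taken from the Graph API Docs row.

```powershell
# Added example: evaluate the MicrosoftAuthenticator method configuration
# against the recommended value isSoftwareOathEnabled = false.
function Test-AuthenticatorOtpDisabled {
    param(
        [Parameter(Mandatory)] $Config   # PSObject returned by the Graph GET shown below
    )
    # A missing property is reported as Unknown rather than silently read as $false.
    if ($null -eq $Config.PSObject.Properties['isSoftwareOathEnabled']) {
        $actual = $null
        $result = 'Unknown'
    }
    else {
        $actual = [bool]$Config.isSoftwareOathEnabled
        $result = if ($actual) { 'Fail' } else { 'Pass' }
    }
    [pscustomobject]@{
        Setting     = 'isSoftwareOathEnabled'
        MethodState = $Config.state
        Actual      = $actual
        Recommended = $false
        Result      = $result
    }
}

# Constructed sample response (tenant default: OTP allowed), so the check runs offline.
$sample = @'
{
  "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "isSoftwareOathEnabled": true
}
'@ | ConvertFrom-Json

Test-AuthenticatorOtpDisabled -Config $sample   # Result is 'Fail' for the default value

# Live tenant: requires the Microsoft.Graph.Authentication module.
# $uri = "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')"
# Connect-MgGraph -Scopes 'Policy.Read.All'
# Test-AuthenticatorOtpDisabled -Config (Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject)

# Remediation: set the recommended value (needs Policy.ReadWrite.AuthenticationMethod).
# $body = @{
#     '@odata.type'         = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration'
#     isSoftwareOathEnabled = $false
# }
# Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body
```

Before applying the remediation, confirm that affected users have another registered method, since the recommendation keeps OTP only for cases where no stronger option exists or for restore scenarios.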