It seems something changed on MS end though because I have control of what MFA i use on our corporate acxount, which was setup with Yubikey, until about a month ago when this Use Your Outlook Mobile started on it’s own
Whatever it is, somebody at Microsoft made a mistake; it should not prompt you for Outlook Mobile Auth code when that is the actual app you are trying to sign in to, and have no way of retrieving that code. it should have review MS app and if it is Outlook Mobile then move to the next MFA option in your security list.
In this meme yeah, in my account I get the “try another way” link to let me go back to Yubikey auth option. But it shouldn’t default to Outlook auth if your are trying to sign in to Outlook, that is just lack of forethought
I mean, unless your service lets you pick individually that usually means turning on SMS. That’s probably why they have a general policy, it’s a pain in the ass to manage multiples.
This is a configuration item. Nothing to do with the app. It’s a choice your company has made.
Interesting, do you happen to know which configuration item causes this?
The one that forces you only to use ‘passwordless’ logins or forces that MFA challenge. Your admins had a choice on what they allow.
It seems something changed on MS end though because I have control of what MFA i use on our corporate acxount, which was setup with Yubikey, until about a month ago when this Use Your Outlook Mobile started on it’s own
🤷♂️ maybe it’s a bug or change
Whatever it is, somebody at Microsoft made a mistake; it should not prompt you for Outlook Mobile Auth code when that is the actual app you are trying to sign in to, and have no way of retrieving that code. it should have review MS app and if it is Outlook Mobile then move to the next MFA option in your security list.
I mean the error should be better, but there isn’t another method. They are turned off.
In this meme yeah, in my account I get the “try another way” link to let me go back to Yubikey auth option. But it shouldn’t default to Outlook auth if your are trying to sign in to Outlook, that is just lack of forethought
My admins said they see a big red “insecure” banner if they allow other 2FA apps.
I mean, unless your service lets you pick individually that usually means turning on SMS. That’s probably why they have a general policy, it’s a pain in the ass to manage multiples.