ms365 MFA with authenticator?

[mrtdc]

Hi, I am attempting to determine if this authenticator app is expected to support MS365 MFA feature set, or not.
ideally if others can give feedback such as "nope, only supports google steam battlenet" ?
or
"yes, it should work, but I have not tested"
or
"yes it should work but my tests fail"
or
"Yes it works great for me" ?

So far I've got a MS365 account with MFA-enabled-not-enforcing
when I login to the account in my web browser at portal.office.com
MS365 redirects me to the 'time to get more information....' page and then allows me to do MFA App setup.
I proceed as if I plan to setup a smartphone app. It shows me a QR Code on my laptop web browser page.
I use the "Authenticator" App and tell it I wish to add new account. It allows me to "SCAN" the QR Code by mouse-click-drag.
Once I do this. A pop-up appears indicating it will communicate with some URL on Azure. Which sounds like - the data being decoded from the QR Code for the AuthAppSetup (?)
after I say OK
nothing happens

I have no new entry in the authenticator app
I can't see how to make it proceed

so I am unclear if I am somehow doing something wrong (although there is not a lot of room for error, ie, pretty simple-straightforward process)
OR
if the problem is that the app is known to not-work with MS365 for example, and therefore I should just abandon this attempt and move on to see if another solution exists for a browser-plugin-app for MS365 AuthApp.
(Currently MS tell me, nope we won't have this feature, use the smartphone MFA app, have a nice day).

Any feedback or comments - is greatly appreciated.

Thanks,

Tim

[Sneezry]

nope, only supports google steam battlenet (google here means generic TOTP follows RFC 6238 which is supported by Google official mobile app - Google Authenticator)

However, you might be able to use generic TOTP instead of AAD which is only supported by Microsoft Authenticator App. You can see more details here: #632

[mrtdc]

Thanks for this feedback! It pointed me in correct direction for more google searches with correct words. I have found a thread, https://techcommunity.microsoft.com/t5/azure-active-directory-identity/google-authenticator-app-amp-office-365-mfa/m-p/108612 which specifically tells me this solution,

…

--paste-- Open the security verification page for your user: https://aka.ms/MFASetup Check the Authenticator app box, and click the Configure button. Click the Configure app without notifications URL Now scan the QR code with your app and configure like normal. It seems like Microsoft really go out of their way to obscure the fact that you don't actually need Microsoft Authenticator to use this factor for authentication.

--endpaste-- And it works perfectly.

-- once you do the 'secret added step' of 'configre app without notification URL' and then "scan that QR CODE" instead of what was initially visible

-- then the account picks up and works perfectly in the "Authenticator" web-extension-app perfectly.

-- and I was able to do a challenge-response to validate, ie, in MS365 config page told it to verify. Then noted the 6-digit code visible in the new MS365 account in my 'web browser extension authenticator app' and punch that in to the ms365 mfa setup validate page.  Bouf, it is happy. Save settings, close, it is good and active now So.  The MS365 implementation does appear to be standard-based MFA but only if you precisely force it to generate a QR Code which is not tailored to work ONLY with the MS365 Smartphone MFA App.  But rather use the 'configure without notifications URL' option.  Which could be loosely translated to mean maybe "Do a generic MFA App config not the MS MFA App".  Funny they don't use clear words to say what they mean? Ah well. Woot. Tim Tim Chipman Fortech I.T. Solutions (902) 442-6633 http://FortechITSolutions.ca

---- On Fri, 21 May 2021 08:56:10 -0300 Zhe Li ***@***.***> wrote ---- nope, only supports google steam battlenet (google here means generic TOTP follows https://datatracker.ietf.org/doc/html/rfc6238 which is supported by Google official mobile app - Google Authenticator) However, you might be able to use generic TOTP instead of AAD which is only supported by Microsoft Authenticator App. You can see more details here: #632 — You are receiving this because you authored the thread. Reply to this email directly, #673 (comment), or https://github.com/notifications/unsubscribe-auth/AD3QXSKMFSPJWRKC4EMLMYDTOZC5VANCNFSM45I4YPNQ.