Outlook app to get built-in Microsoft 365 MFA on Android, iOS

Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client.

The company says in a new Microsoft 365 roadmap entry that users will be able to complete MFA requests for Microsoft 365 apps directly in the Outlook app via a new feature dubbed Authenticator Lite.

With Authenticator Lite, users will be able to log into their work or school account via Outlook with an extra layer of security.

The feature will be available in Outlook mobile apps for iOS and Android devices, and it will likely require users to enter a code or approve a notification after entering their password.

"Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device," Microsoft explains.

At the moment, Microsoft 365 MFA requests can be completed using verification codes obtained via an authentication app (Microsoft's Authenticator app or third-party authenticator apps), a security key, a phone call, or text messaging.

Once the new Authenticator Lite capabilities roll out to Outlook users worldwide (until the end of the month, according to Microsoft's estimations), they will also be able to complete authentication requests in Outlook.

Taking advantage of Outlook's user base

Microsoft's decision could boost MFA adoption among Microsoft 365 users, as Outlook has a much larger user base than Microsoft's Authenticator app.

The Outlook app has more than 500 million downloads on Android and 5.5 million reviews on iOS, while the Authenticator app has 50 million downloads on Android and 233,100 reviews on iOS.

Once rolled out, the new Authenticator Lite feature will allow hundreds of millions more Microsoft 365 customers to enable and use MFA to secure their accounts.

Integrating MFA authentication directly into Outlook mobile apps, will make it much easier for users to authenticate their sessions without switching between multiple apps.

Microsoft's Director of Identity Security, Alex Weinert, said several years ago that MFA reduces the risk of account compromise by more than 99.9%, regardless of the password.

Weinert added MFA makes it harder and costlier for attackers to break into accounts. He cited a study that showed less than 0.1% of accounts using any MFA were compromised.

As part of the same push to boost MFA adoption, Microsoft-owned GitHub announced that two-factor authentication (2FA) will be mandatory for all active developers starting today.