MS365 MS Authenticator App Cloud Backups

visibleman

visibleman

visibleman

Soldato
Joined
3 Jun 2005
Posts
3,287
Location
The South
Hi all,

I have tried contacting MS over this but i keep getting thrown around departments with support not really knowing what the correct answer is so, a quick one for those that manage MS365 tenants - i ideally want to enable cloud backups but it's seems a personal Microsoft account is required for recovery and to enable the option.

I'm assuming you can't but, can you get away with a single "company" personal account and use that on all MS authenticator devices as the recovery account?
Or, do you have to sign every user up with their own personal MS account (on top of their 365 account) for recovery - which seems to be the daftest idea?

Alternatively, can you use other third-party MFA/2FA apps (Authy, password managers etc) instead of MS Authenticator?
Did quickly try with Keeper but it didn't seem to like the QR code :(

Cheers :)
 
visibleman said:
Alternatively, can you use other third-party MFA/2FA apps (Authy, password managers etc) instead of MS Authenticator?
Click to expand...

Authy works because it's what I use and what multiple tenants use I manage. We have different tenants wanting different ways when it comes to 2FA.

A) Some don't want to use it (We can't force them) (2FA/MFA turned off completely)
B) Some want 2-4x devices with Authy installed (same account) where users go to an authorised person to log in. Multiple accounts can be used on the same Authy login.
C) Some want every member of staff to have their own 2FA login on Authy on each work device owned, each login and the staff log in by themselves.

We only ever use authy and it works. This includes account backups as well. It's a bit of a o-ar-o-ar scenario.

Just to note - authy can be installed on a PC as well so say for example you only want 2 managers to access it, just install it on them 2 desktops and have people go to them to auth their account.

When we first started enabling companies it was an absolute mess but we have a handle over it now. Bit of extra advice make sure you put it in notes who is using what and what accounts has access to what because it can get messy very fast when people loose devices e.t.c!
 
Last edited:
@GaryTheSnail - Much appreciated for that and yup, a third-party app seems to be the better solution as i've yet to work out how to do backups without a personal MS account attached in Authenticator - just a shame someone already rolled it out, with users already enrolled, without thinking much about when Sally loses her phone
headbang.gif
 
visibleman said:
@GaryTheSnail - Much appreciated for that and yup, a third-party app seems to be the better solution as i've yet to work out how to do backups without a personal MS account attached in Authenticator - just a shame someone already rolled it out, with users already enrolled, without thinking much about when Sally loses her phone
headbang.gif
Click to expand...

I've kept away from MS Authenticator for this reason. If I was you I would get them transferred over if you are looking after it.

If people lose their devices, you need a backup plan otherwise people just won't be able to get into accounts - and that's a big problem.
 
Last edited:
GaryTheSnail said:
I've kept away from MS Authenticator for this reason. If I was you I would get them transferred over if you are looking after it.

If people lose their devices, you need a backup plan otherwise people just won't be able to get into accounts - and that's a big problem.
Click to expand...
That is what is being discussed now along with getting users to add a backup MFA authenticator (SMS etc) in case - worst case we can reset MFA on individual basis but i can see some users not liking having to re-enroll.
Luckily, this isn't a MSP/MSSP scenario but it's still a headache for a SMB.
 
You must log in or register to reply here.
Back
Top Bottom