Today I have news to share about another great new feature in Microsoft Entra. Time-based one-time passcode (TOTP) as an MFA option is now generally available for Azure Active Directory (Azure AD)! In this release, we fixed some accessibility issues to provide customers with a reliable and secure MFA option that works for all users and devices. Huge thanks to our customers who rolled this out and gave us feedback during the public preview.
Integrating a time-based OTP with an authenticator app as a second factor in B2C user flows enables a higher level of security compared to the existing email and phone factors. In my previous blog post I also mentioned how this can help users by eliminating the need to wait for codes to arrive in email or text messaging apps. The short lifespan of OTP codes also makes them very hard for attackers to intercept.
Time-based OTP for Azure AD user accounts works with any authentication application that supports TOTP. We recommend using Microsoft Authenticator, which uses encrypted bi-directional communication for authentication status.
Read the documentation and learn how you can set up time-based OTP for your Azure AD B2C scenario applications.
We love hearing from you, so please share your feedback on these updates through the Azure forum or by tagging @AzureAD on Twitter.
Robin Goldstein
Director of Product Manager, Microsoft identity team
Twitter: @RobinGo_MS