So my company decided to migrate office suite and email etc to Microsoft365. Whatever. But for 2FA login they decided to disable the option to choose “any authenticator” and force Microsoft Authenticator on the (private) phones of both employees and volunteers. Is there any valid reason why they would do this, like it’s demonstrably safer? Or is this a battle I can pick to shield myself a little from MS?
Is your company mandating Push Authentication or are you entering 6-digit codes?
If it’s the former, MS Authenticator is the only option.
If it’s the latter, you can use any TOTP app you like, e.g. Aegis.
Afaik, Microsoft’s OTP implementation is proprietary and not TOTP.
But also, my understanding is you can select which MFA schemes you can use, and allow SMS, MS MFA, and TOTP.
Source: employer used to allow sms, locked it down, and totp apps can’t parse the MS authenticator QR codes.
It might depend on configuration. In the only case of Microsoft enforced 2FA I know of, it is just TOTP. Microsoft’s web interface nudges (tries to trick) you into using the MS Authenticator app, but that app is not needed. You can use any TOTP capable 2FA app, e.g. Aegis or FreeOTP+, both of which are also available through F-Droid and don’t require internet connection.