My TechDecisions

IT Infrastructure

Microsoft Brings FIPS 140 Compliance to Authenticator on iOS

Microsoft is bringing FIPS 140 compliance for Microsoft Authenticator on iOS devices for organizations with security and compliance concerns.

Leave a Comment

Microsoft Authenticator FIPS iOS
stock.adobe.com/Postmodern Studio

Microsoft says it is bringing FIPS 140 compliance for Microsoft Authenticator on iOS devices for organizations with security and compliance concerns.

In a Tech Community blog, the Redmond, Wash.-based IT giant says many of its customers that work in environments with security and compliance requirements need authenticators to use cryptography validated by the Federal Information Processing Standards (FIPS) 140.

Microsoft says Authenticator versions 6.6.8 and higher on iOS are now FIPS 140 compliant for all Azure Active Directory authentication using push multifactor authentication (MFA), passwordless phone sing-in, and time-based one-time passcodes. FIPS 140 compliance will be coming to Android device soon, the company adds.

According to Microsoft, FIPS 140 compliance for Authenticator will also help federal agencies meet requirements set out in U.S. President Joe Biden’s executive order on cybersecurity, and will also help healthcare organizations comply with Electronic Prescriptions for Controlled Substances (EPCS), a rule from the U.S. Drug Enforcement Agency governing the electronic prescribing of controlled substances.

No changes in configuration are required in the Authenticator app or Azure Portal to enable this capability. Users on Authenticator version 6.6.8 and higher on iOS are FIPS 140 compliant by default for Azure AD authentications, Microsoft says.

To achieve FIPS 140 compliance, Microsoft says the Authenticator app leverages the native Apple cryptography.

The FIPS 140 compliance comes shortly after Microsoft released new features designed to imrpove the security of the tool and give IT admins more control over accidental approvals. The enhancements also includes better management with a new admin user interface and APIs.

According to Microsoft, the new admin features are designed to help protect against MFA fatigue attacks. The company says it will automatically enable critical security features to tackle shifting threat vectors, including number matching for all Authenticator users.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ