Using an Apple Watch as a device to authenticate access to corporate sites and services using Microsoft Authenticator is a convenience that is about to disappear. Microsoft says the feature will stop working after an Authenticator update scheduled for next month.
Apple Watch authentication output
Microsoft Authenticator makes it easy to sign in to supported Microsoft accounts, apps, or services using two-step verification. The authenticator also generates one-time codes, so you don't have to wait for texts or calls to access your accounts.
Sites, Software, and Services use two-factor authentication (also called multi-factor authentication) to prevent people from accessing your accounts, even if they know your passwords.
The decision to remove support means that the authenticator you may already be using with your watch will no longer work. And it will no longer be possible to download the application for the popular mobile. (However, the authenticator will still work with your iPhone.)
Why Microsoft is withdrawing support
Microsoft said the removal of support was because the Apple Watch would no longer support certain Authenticator security features. As I understand it, this is probably related to the number matching that Microsoft will apply in the Authenticator starting in February; It is not compatible with Apple Watch.
On a support page explaining the move, Microsoft said:
"In the next release of Authenticator in January 2023 for iOS, there will be no companion app for watchOS because it is incompatible with Authenticator security features. This means that you will not be able to install or use Authenticator on Apple Watch..."
"This change only affects Apple Watch, so you'll still be able to use Authenticator on your other devices."
The effect of the change is probably limited. Not only will it be possible to use iPhones with Authenticator, but there are also alternative systems that can work together with Microsoft. And we know that Apple, Microsoft, Google and others want to replace passwords with Passkeys.
These promise to provide a more convenient and secure alternative for security; it seems inevitable that biometrics, like the Apple Watch, will eventually be part of that future. Look at this place.
Halftime…
there are alternatives
Apple now has an authentication tool built into iOS that you can access and use under Passwords in Settings, though that may not be enough to replace Microsoft's own security. There are alternative tools for managing two-factor authentication that still offer an Apple Watch app. Authy is one such tool, but it may not be acceptable in your company because it doesn't support MSAuth claims.
If the alternative works within your company's security policy, Authy can be configured to replace Authenticator while controlling access to Microsoft services. The process for doing this is described in an Authy support note, available here. There's also a detailed Reddit discussion of alternatives to the Authenticator (including some reviews of the available options) here.
There are also other alternatives that work with iPhone, some of which don't necessarily offer Apple Watch apps, such as Google Authenticator, LastPass, WatchGuard, Auth0.
How to remove Microsoft Authenticator from Apple Watch
There are two ways to remove the app from your watch once it becomes useless, one using the watch and the other using your iPhone.
Follow these steps to remove an app from the watch:
- Press the Digital Crown to view your apps.
- Touch and hold the screen until you see Show options when you tap Switch apps.
- Tap the Remove button for Authenticator, then tap Remove to confirm the removal.
- Press Digital Crown once the app is removed.
To remove the app on your iPhone, open Watch > My Watch and scroll down to find Authenticator, tap on it and turn off Show app on Apple Watch.
Follow me on Mastodon or join me at AppleHolic's bar & grill and Apple discussion groups on MeWe.
Copyright © 2022 IDG Communications, Inc.