Add Microsoft Authenticator to Approved Client App
Currently the "Require approved client app" list of apps does not include the Microsoft Authenticator app, thus preventing adoption of cool features such as 'passwordless sign-in' which is apparently signing in as the user and therefore getting blocked.
This is a problem we’re aware of and working on how best to address this use case.
Martin Lapos commented
Authenticator is still missing in the list of approved client apps and passwordless sign-in is still failing on the CA policy, if we require approved client app.
Any update from the Azure AD Team?
Nick Donovan commented
I don't know if I'm also having a similar issue. Currently we are trying to build a LOB application for iOS. I am using MS Authenticator to handle the brokering of the authentication for my LOB app to Azure. We would like to use this app on both MDM and MAM-WE devices. We have the two options ticked in our conditional access policy which grant access: 'Require device to be marked as compliant' or 'Require approved client app'. Either of these will grant access from our CA policy.
Obviously, coming from a MAM-WE device, the device will not be compliant as it is not enrolled. However, if I turn this option off, then I will be presented with: "You can't get there from here. It looks like you are trying to open this resource with an app that hasn't been approved by your IT department. Ask them for a list of approved apps." This comes from the second option in my CA policy. I am receiving this message from a web view within the MS Authenticator iOS app.
If MS Authenticator gets added as an approved app will this CA policy pass and let me access my LOB app?
Been struggling to find something about this.