Microsoft is rolling out a brand new backup system in September for its Authenticator app on iOS, eradicating the requirement to make use of a Microsoft private account to again up TOTP secrets and techniques and account names.
Beforehand, the Microsoft Authenticator app required iOS customers to check in with a private Microsoft Account to allow backups, no matter whether or not they had been utilizing the app for private or enterprise credentials.
This created issues in enterprise environments the place organizations typically prefer to preserve private and company information separated.
The brand new backup system will proceed to make use of the signed-in iCloud account to retailer the backups, however now not with the requirement to make use of a Microsoft account. If the corporate makes use of a managed Apple ID on their company units, then that might be used as an alternative of a private account.
Microsoft says this new function will start rolling out in September and might be completed by early October 2025, with customers being proven a notification in regards to the new expertise within the app, as proven under.
In-app warning about upcoming change
Supply: Microsoft
Microsoft says this function will solely be out there to customers working iOS 16.0 or later with iCloud and iCloud Keychain enabled. As soon as put in, account names and TOTP credentials (secrets and techniques) might be backed as much as iCloud and restored routinely on new units whenever you use the identical Apple account..
“Account names for all accounts within the Authenticator app—together with work or faculty accounts, Microsoft private accounts, and non-Microsoft accounts (comparable to Amazon, Google)—might be securely backed up utilizing iCloud and iCloud Keychain,” reads the Microsoft announcement.
The corporate stresses that solely TOTP secrets and techniques might be backed up and no different credentials, and that customers can disable the backup function by way of the iCloud settings on their system.
Microsoft says that this function will routinely roll out to all customers with no admin motion required.
The function comes after Microsoft’s latest announcement they’re eradicating the password autofill and administration performance from Authenticator.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key strategies utilized by cloud-fluent risk actors.
