How Can We Help?

Microsoft Authenticator Lite

You are here:
< All Topics

User registration

If enabled for Authenticator Lite, users are prompted to register their account directly from Outlook mobile. Authenticator Lite registration isn’t available by using MySignIns. Users can also enable or disable Authenticator Lite from within Outlook mobile. For more information about the user experience, see Authenticator Lite support.

Screenshot of how to register Authenticator Lite.


If they don’t have any MFA methods registered, users are prompted to download Authenticator when they begin the registration flow. For the most seamless experience, provision users with a Temporary Access Pass (TAP) that they can use during Authenticator Lite registration.

Push notifications in Authenticator Lite

Push notifications sent by Authenticator Lite aren’t configurable and don’t depend on the Authenticator feature settings. The settings for features included in the Authenticator Lite experience are listed in the following table. Every authentication includes a number matching prompt and does not include app and location context, regardless of Microsoft Authentiator feature settings.

Authenticator FeatureAuthenticator Lite Experience
Number MatchingEnabled
Location ContextDisabled
Application ContextDisabled

The following screenshots show what users see when Authenticator Lite sends a push notification.

Screenshot of push notification in Outlook mobile.

Common questions

Are users on the legacy policy eligible for Authenticator Lite?

No, only those users configured for Authenticator app via the modern authentication methods policy are eligible for this experience. If your tenant is currently on the legacy policy and you are interested in this feature, please migrate your users to the modern auth policy.

Does Authenticator Lite work as a broker app?

No, Authenticator Lite is only available for push notifications and TOTP.

Can Authenticator Lite be used for SSPR?

No, Authenticator Lite is only available for push notifications and TOTP.

Is this available in Outlook desktop app?

No, Authenticator Lite is only available on Outlook mobile.

Where can users register for Authenticator Lite?

Users can only register for Authenticator Lite from mobile Outlook. Authenticator Lite registration can be managed from

Can users register Microsoft Authenticator and Authenticator Lite?

Users that have Microsoft Authenticator on their device can’t register Authenticator Lite on that same device. If a user has an Authenticator Lite registration and then later downloads Microsoft Authenticator, they can register both. If a user has two devices, they can register Authenticator Lite on one and Microsoft Authenticator on the other.

Known Issues

SSPR Notifications

TOTP codes from Outlook will work for SSPR, but the push notification will not work and will return an error.

Logs are showing additional Conditional Access evaluations

The Conditional Access policies are evaluated each time a user opens their Outlook app, in order to determine whether the user is eligible to register for Authenticator Lite. These checks may appear in logs.

[arrow_forms id="12763"]
Was this article helpful?
0 out Of 5 Stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents