The Microsoft Authenticator app is the Redmond tech giant's recommended authentication solution for customers utilizing passwordless sign-in or multi-factor authentication. The app was first released on Windows 10 Mobile (RIP) way back in 2016 and has since gone through tons of iterations to bring the latest improvements and enhancements across modern platforms. While the app is good enough for enterprise users and customers, one thing it was missing was support for U.S. federal agencies, until today.
Microsoft has announced that the Microsoft Authenticator app has achieved Federal Information Processing Standards (FIPS 140) compliance. This indicates that the app can now leverage cryptographic techniques vetted by federal agencies. This is a major milestone because it means that the app can now officially be utilized by U.S. federal agencies.
It is important to note that only the iOS app for Authenticator on version 6.68 and higher is FIPS 140-compliant by default for Azure Active Directory (AAD) authentications; no IT admin configuration is required. This applies to customers leveraging push multi-factor authentication (MFA), Passwordless Phone Sign-In (PSI), and time-based one-time passcodes (TOTP). Android support is planned for a later, currently unknown date.
Microsoft has noted that it achieved FIPS 140 compliance through Apple's native cryptography module on iOS, namely CryptoCore. We'll likely hear more about the implementation details for Android once that platform becomes compliant too.