
Microsoft brings FIPS 140 Compliance to Authenticator supporting Federal Agencies


Many customers work in environments with security and compliance requirements that call for authenticators to use cryptography validated under the Federal Information Processing Standards (FIPS) 140 (see NIST SP 800-63B). We're excited that Microsoft Authenticator on iOS is now FIPS 140 compliant (Android coming soon). Authenticator version 6.6.8 and higher on iOS is FIPS 140 compliant for all Azure Active Directory (Azure AD) authentications using push multifactor authentication (MFA), Passwordless Phone Sign-In (PSI), and time-based one-time passcodes (TOTP).

 

FIPS 140 compliance for Authenticator also helps federal agencies meet the requirements of Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” and helps healthcare organizations working with Electronic Prescriptions for Controlled Substances (EPCS).

 

No changes in configuration are required in the Authenticator app or Azure Portal to enable this capability. Users on Authenticator version 6.6.8 and higher on iOS are FIPS 140 compliant by default for Azure AD authentications.  

 

Authenticator uses native Apple cryptography to achieve FIPS 140 Security Level 1 compliance on Apple iOS devices. For more information about the certifications being used, see the Apple CoreCrypto module.

 

As always, we want to hear from you! Feel free to leave comments down below or reach out to us on aka.ms/AzureADFeedback.  

 

Best regards,  

Alex Weinert (@Alex_T_Weinert)  

VP Director of Identity Security, Microsoft  

 

 
