You can use the Microsoft Authenticator app to add an additional layer of security during self-service password resets/account unlocks, ADSelfService Plus logins and Windows logins.
How users verify their identity?
Once enabled, users verify their identity by entering the one-time passcode generated by their Microsoft Authenticator app.
Enabling Microsoft Authenticator as an authentication technique.
Go to Configuration section → ulti-factor Authentication → Configuration tab → Microsoft Authenticator.
Select the policy for which the Microsoft Authenticator is to be configured.
Click the Enable Microsoft Authenticator button.
You now have the option to configure the authenticator settings for:
Self-service password resets/account unlocks: Go to Authenticator Settings → MFA for Reset/Unlock. Select Microsoft Authenticator from onfigure authenticator for reset/unlock drop-down.
ADSelfService Plus logins: Go to Authenticator Settings → TFA for ADSelfService Plus logins. Select the nable authenticators for ADSelfService Plus logins checkbox, and select Microsoft Authenticator from the drop-down.
Windows logins: Go to Authenticator Settings → TFA for ADSelfService Plus logins. Select the Enable authenticators for Windows logins checkbox, and select Microsoft Authenticator from the drop-down.