![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 53%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 92%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Hello
Yes, it is possible to restrict 2FA authentication to go through the Microsoft Authenticator app published under a work profile only. This can be achieved by managing user consent to apps in Microsoft 365.
In the Microsoft 365 admin center, you can go to the Settings > Org settings > Services page, and then select User consent to apps. On the User consent to apps page, you can select the option to turn user consent on or off. This allows you to control which apps users can consent to and use.
However, it’s important to note that this might not completely block external authenticators like Google Authenticator or other authentication apps saved in phone or browser extensions. These settings are typically managed at the organization level and may require additional configuration or policy enforcement.