Microsoft Authenticator App for Android: Backup and Account Management Questions

Shane King 86 Reputation points
2025-04-30T05:30:41.22+00:00

Recent discussions with a client raised important questions regarding the behavior of the Microsoft Authenticator app. These questions remain unanswered in public forums and official documentation, due in some part to conflicting advice. We are seeking definitive guidance from Microsoft to clarify the following scenario and concerns.

Scenario

A user has multiple logins configured in the Microsoft Authenticator app, including both Microsoft and non-Microsoft accounts, all using the app for multi-factor authentication (MFA).

Questions

  1. Backup Scope: When a user backs up their Authenticator app, are all configured accounts and logins included in the backup, including non-Microsoft accounts?
  2. Restore on Same Device: After restoring the backup on the same mobile device, will the user be able to access all accounts and log into associated resources without any errors or further configuration?
  3. Restore on New Device: When restoring the backup on a new mobile device, can the user expect a seamless experience with full access to their accounts, or will additional steps/configuration be required?
  4. Personal MSFT Account for Backup: If the Authenticator app was backed up using a personal Microsoft account, and the user later loses access to that account, how can they recover their MFA configurations — particularly if the user is an organization’s Microsoft 365 admin? Our concern is that losing access to the personal Microsoft account could prevent access to critical M365 admin capabilities.
  5. Backup Data Location: Are the backups from the Authenticator app stored in the same region/geolocation as the user?
  6. Notification: If non-MSFT accounts are not backed up in the app, why does it not declare this or prevent users from adding non-MSFT accounts to the app?
  7. Supplemental Backup Options: Are there supplemental backup options that would allow a user to back up the remaining equally critical non-MSFT MFA accounts?
  8. Exchange Online: Where an organization has subscribed to Exchange Online, what are the recommendations for Break-Glass accounts? Is the expectation that the customer purchase additional Exchange Online subscriptions to allow for an unauthenticated admin-level login?

A direct response from someone with authoritative insight at Microsoft would be appreciated, as the current documentation and community forums do not address these questions with the clarity and depth required for enterprise or government environments.

Microsoft Security | Microsoft Authenticator