Microsoft brings FIPS 140 Compliance to Authenticator supporting Federal Agencies

By December 9, 2022AzureAD

Many customers work in environments with security and compliance concerns requiring authenticators to use cryptography validated by the Federal Information Processing Standards (FIPS) 140 (reference NIST SP 800-63B). We’re excited that Microsoft Authenticator on iOS is now FIPS 140 compliant (Android coming soon). Authenticator version 6.6.8 and higher on iOS is FIPS 140 compliant for all Azure Active Directory (Azure AD) authentications using push multifactor authentications (MFA), Passwordless Phone Sign-In (PSI), and time-based one-time passcodes (TOTP).  


FIPS 140 compliance for Authenticator also helps federal agencies meet the requirements of Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity” and healthcare organizations with Electronic Prescriptions for Controlled Substances (EPCS). 


No changes in configuration are required in the Authenticator app or Azure Portal to enable this capability. Users on Authenticator version 6.6.8 and higher on iOS are FIPS 140 compliant by default for Azure AD authentications.  


Authenticator leverages the native Apple cryptography to achieve FIPS 140, Security Level 1 compliance on Apple iOS devices. For more information about the certifications being used, reference the Apple CoreCrypto module.  


As always, we want to hear from you! Feel free to leave comments down below or reach out to us on  


Best regards,  

Alex Weinert (@Alex_T_Weinert)  

VP Director of Identity Security, Microsoft  



Learn more about Microsoft identity: 

Source link

Share this post via

Leave a Reply