Microsoft Authenticator May Remove functionality on GOS

Johnnyloans

Microslop*

https://www.heise.de/en/news/GrapheneOS-Microsoft-Authenticator-does-not-support-secure-Android-OS-11200495.html

bendsymbol

Johnnyloans Unrelated to the post, but when I clicked on the website, I got a popup that said "This website uses Google Play Integrity. Your device's identity will be verified by Google." and I had the option to Allow or Block. I hit block and it still let me continue read the article, but it caught me off guard because I'd NEVER seen that pop up before, nor did I know websites could use Play Integrity. Has anyone else experienced this? I opened the website in Vanadium btw.

wizoatk

Maybe, in the future, ...

A Microsoft spokesperson told heise security in response to an inquiry, “Microsoft Authenticator is not officially supported on GrapheneOS, and Entra accounts may be impacted in the future on devices running GrapheneOS that are detected as rooted.”

other8026

Edited title at @Johnnyloans' request (and also hid the posts asking for the title change).

Swaruu20

I moved to Proton Authenticator already, open source, Linux, syncing and all the rest. Good option?

Aeon

Swaruu20

I use Aegis Auth and Ente Auth. both open source.

Aegis for those that dont want any cloud sync and Ente Auth for those who want cloud sync

DohnJoe

Aeon
I was about to suggest Aegis myself, then I thought that Microsoft Authenticator might hold more features related to Microsoft world.

I would say if you don't need Microsoft environment, I am happy Aegis

neel

I'm just glad I don't work for Microsoft anymore. God, it was the worst job I ever had.

I use Google Authenticator for my 2FA.

Oggyo

This was announced in Nov. 2025 - https://discuss.grapheneos.org/d/1465-microsoft-authenticator-issue/17

However, as of today I haven't encountered any warnings yet.

@Swaruu20 @Aeon @DohnJoe, I don't think this discussion is looking for Microsoft Authenticator alternative.

By default, the TOTP auth. method is allowed for MFA. But some organizations change the policy to enforce only the push method via MS Authenticator app and removing the other options (e.g. TOTP, email, SMS).
I have to (and only) use MS Auth. for M365 sign-in at work.

Murcielago

bendsymbol

Tinkering around using Vanadium version 146.0.7680.31.0 I was unable to reproduce it trying the following:

Vanadium in Profile without Google Play Services
Vanadium in Profile with Google Play Services
JavaScript enabled/disabled
JavaScript JIT enabled/disabled
accept/reject all cookies
accept only functional cookies
access website without/with VPN (I tried different countries)
Vanadium> Site settings> Auto-verify on/off

schweizer

But so far the app works fine and even without google. I do not use the higher level EntraID features though.