Multi Factor Authentication (MFA) - Why does the app request so many permissions?
This article explains why the app requests permissions on your device.
Here is a full list of permissions we may ask for, and how they are used in the app. The specific permissions you see depend on the type of phone you have.
- Camera: We use your camera to scan QR codes when you add a work, school, or non-Microsoft account.
- Contacts and phone: When you sign in with your personal Microsoft account, we try to simplify the process by finding existing accounts that you use on your phone.
- SMS: When you sign in with your personal Microsoft account for the first time, we have to make sure that your phone number matches the one we have on record. We send a text message to the phone where you downloaded the app. The message contains a 6-8 digit verification code. Instead of asking you to find this code and enter it in the app, we find it in the text message for you.
- Draw over other apps: When you receive a notification to verify your identity, we display that notification over any other app that might be running.
- Receive data from the internet: This permission is required for sending notifications.
- Prevent phone from sleeping: If you register your device with your organization, they can change this policy on your phone.
- Control vibration: You have the option to choose whether you would like a vibration whenever you receive a notification to verify your identity.
- Use fingerprint hardware: Some work and school accounts require an additional PIN whenever you verify your identity. TO make the process easier, we allow you to use your fingerprint instead of entering the PIN.
- View network connections: When you add a Microsoft account, the app requires network/internet connection.
- Read the contents of your storage: This permission is only used when you report a technical problem through the app settings. Some information from your storage is collected to diagnose the issue.
- Full network access: This permission is required for sending notifications to verify your identity.
- Run at startup: If you restart your phone, this permission ensures that you continue you receive notifications to verify your identity.