NPS Extension and Microsoft Authenticator Lite

[landon-lengyel]

As far as I can tell, the NPS extension doesn't work with "Microsoft Authenticator Lite" which is a new feature of Outlook Mobile.

The script doesn't check whether the user has Microsoft Authenticator Lite configured, or the full working Microsoft Authenticator app. Users with the "Lite" version are still marked as working.

As of right now though, I debugged the script and both methods are returning the name #microsoft.graph.phoneAuthenticationMethod making it impossible for the script to distinguish the two. This seems like a real oversight for the GraphAPI to return the same name for different authentication methods that behave differently. I don't see a way to fix this script right now, but maybe someone from Microsoft will be able to fix the API to return distinct values, or the NPS extension to support the new method, or ideally both.

The only other option I see is to look at the $method.AdditionalProperties['phoneAppVersion'] since Outlook is (as of writing) "4.2439.2" and the Authenticator app is "6.2410.6638" - that will be a very error prone solution though.