AuthPoint Now Works as MFA for Microsoft Entra ID + New Mobile App
Two AuthPoint updates are available today that expand what you can do with identity security across your customers' environments.
External MFA for Microsoft Entra ID
AuthPoint is now a supported External MFA provider for Microsoft Entra ID. If your customers use Entra ID as their identity provider, you can configure AuthPoint to handle the MFA step when they sign in to Microsoft 365, Azure services, and any application protected by Entra ID Conditional Access.
This means your customers no longer need a separate authenticator app for Microsoft and another for everything else. The AuthPoint app covers both. One app for Microsoft sign-ins, VPN, Windows, and Mac login, remote desktop, and third-party applications.
All five AuthPoint authentication methods are available for Entra ID sign-ins: push notifications, time-based one-time passcodes, QR codes, hardware tokens, and FIDO2 passkeys. Push, TOTP, QR, and hardware tokens work across every resource AuthPoint protects. Passkeys are available for OIDC-based resources, including Entra ID, FireCloud, and OIDC applications.
AuthPoint zero-trust policies apply to Entra ID sign-ins the same way they apply to every other protected resource. You set the rules in WatchGuard Cloud. On the Microsoft side, tenant administrators add AuthPoint as an external method through the Entra ID Admin Center and assign it to users or groups through Conditional Access policies.
For customers on Microsoft 365 plans that do not include Conditional Access or advanced security features, AuthPoint already covers VPN, Windows, macOS, remote desktop, and third-party apps independently, without any Microsoft license upgrade.
What's not included in this release
This integration is for Entra ID cloud environments. It does not cover on-premises Active Directory, LDAP connectors, or AD FS migration scenarios. Existing AuthPoint integration methods remain available for those setups.
Requirements
Microsoft Entra ID P1 or higher (a Microsoft requirement for External MFA), an active AuthPoint subscription, and access to the Entra ID Admin Center. Customers and partners maintain their own Entra ID tenant and subscription.
The New AuthPoint Mobile App
Today also marks the completion of a full redesign across every AuthPoint platform. The Windows agent was updated last year. The macOS agent followed. The mobile app is the final piece.
What's new: redesigned interface, simplified token activation, and a unified list for WatchGuard and third-party tokens with token search. All three platforms now share the same look and feel. The app continues to support all existing authentication methods with no changes to how authentication works. The update focuses on usability, visual consistency, and reducing friction during setup and daily use.
Licensing
Both updates are included in existing AuthPoint MFA and AuthPoint Total Identity Security licenses at no additional cost.
What This Opens Up
With External MFA, AuthPoint now covers the one environment that was previously out of reach for partners managing Entra ID customers without on-premises infrastructure. Combined with the coverage AuthPoint already provides across VPN, endpoints, and third-party applications, this gives you a single authentication platform that works across your customers' full environment, managed from WatchGuard Cloud.
Getting Started
For External MFA setup, see Microsoft 365 Integration with AuthPoint for Entra Users. For questions, contact your WatchGuard Account Manager or use standard support channels.
NEW Web Product Pages:
- Identity Security landing page
- AuthPoint MFA page
- AuthPoint Total Identity Security
- AuthPoint Hardware Token
- AuthPoint Demo Page
Learn More