Earlier this year, Microsoft Advertising introduced multi-factor authentication in Microsoft Advertising online. We’re now extending the rollout of multi-factor authentication to all users who sign in through a third-party application that uses the Microsoft Advertising API.
What it is:
Multi-factor authentication is a security process that requires you to verify your identity in two different ways. For example: entering your password along with a code sent to your phone.
What you need to know:
You'll soon notice a change when you sign in through third-party applications. Whenever consent is required, you’ll be asked to provide a second form of verification that matches contact information that you've included in your Microsoft account profile.
What users need to do:
If you sign in through third-party applications, you must check your Microsoft account settings now to ensure that your security information is up to date. This will help you be ready when we roll out multi-factor authentication to all API users over the coming months.
What developers need to do:
On 1 April 2021, we’ll start enforcement of multi-factor authentication. When this happens, your users will be prompted to go through the multi-factor authentication process. Upon trying to make a scheduled and/or user triggered call from the application, advertisers will be automatically prompted to sign-in, pass second form of verification and provide consent again. It’s important to consider this to avoid disruption to scheduled application calls when the user is not present in the application.
Users are free to turn on multi-factor authentication before the hard deadline. If they do so, they will be prompted to go through the above process upon the next API request made by the application. This applies for both scheduled and/or user triggered requests.
There is a significant overlap of advertisers that have already passed multi-factor authentication in Microsoft Advertising online, Mobile Application and Editor tool. These advertisers are fully set up and ready to easily pass verification in your application as well.
We recommend applications to start planning for how to handle prompt for the user to complete multi-factor authentication (which will require a code change). This is to ensure that users are present in the application to successfully go through and complete the required process. It will be best for the application to instruct the user to enable this enhanced security measure for their account and then sign them out for the verification process to be triggered within the application again. We heavily recommend doing this gradually to ensure appropriate adoption and uninterrupted usage.
We’re looking to roll this out by 1 April 2021, giving you enough time to plan accordingly. We’ll be circling back in the coming weeks with more details. In the meantime, if you have any questions or would like assistance, please contact your account team or Microsoft Advertising Support.
Keep in Touch
To receive blog updates automatically, subscribe to the Microsoft Advertising Insider newsletter. Make sure to follow us on Instagram, LinkedIn and Twitter to keep up with the latest Microsoft Advertising news, insights and more.