How to Migrate from Google Authenticator to Microsoft Authenticator (Admins)
If your LastPass Enterprise account has an enforced policy to require the use of Google Authenticator as your only Multifactor Authentication option (but instead your users have been using the Microsoft Authenticator) and you now want to migrate your users to specifically and only use the Microsoft Authenticator option, follow the steps below. Once completed, your users will be prompted to first authenticate using their existing authentication settings (i.e., actually using the Microsoft Authenticator when prompted with a Google Authenticator window), then will be prompted to enroll in using Microsoft Authenticator to be used going forward.
BEFORE PERFORMING THE STEPS BELOW it is highly recommended that you contact your users first to inform them that they will be required un-enroll from Google Authenticator then enroll with Microsoft Authenticator as their Multifactor Authentication option either while they are logged in or the next time they log in to LastPass. You can ease your end users through this migration process by including the steps outlined in How to Migrate from Google Authenticator to Microsoft Authenticator (Users) in your communication to your organization.
- Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
- Go to Settings > Policies.
- Click Add Policy and add the "Require use of Microsoft Authenticator" policy, then select your desired user base and click Save.
- Go to Advanced Options > Enterprise Options > Enabled Multifactor Options and ensure that "Google Authenticator" remains enabled. In an upcoming release, the "Microsoft Authenticator" option will be added in this section, but in the meantime, using the Google Authenticator option functions as an equivalent to the Microsoft Authenticator as a required option.
- Go back to Settings > Policies and click Delete for the "Require use of Google Authenticator" which will first prompt users to authenticate with their existing authentication settings (i.e., actually using the Microsoft Authenticator when prompted with a Google Authenticator window), then they will be prompted to enroll with Microsoft Authenticator to use going forward.