
Excalibur vs. MS Authenticator Comparison

Multi-factor authentication (MFA) is a process where a user is prompted during a sign-in event for additional forms of identification. This prompt could be to enter a code on their smartphone or to provide a fingerprint scan. When you require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.

It is very difficult to compare two technologies that take different approaches to MFA. MS Authenticator (MSA) is used for two-factor account verification only in the onboarding phase (registering or joining devices). For subsequent logons to Windows, the Hello system factors are used instead, such as PIN, password, shape or finger biometrics. In contrast, the Excalibur solution requires Excalibur Token-mediated factors for each logon to Windows. Excalibur also extends the set of standard factors, such as PIN, fingerprint and shape biometrics, with precise geolocation, time window, IP address and other factors. When connectivity is unavailable, the Excalibur system also allows logging in with OTP, which is not possible with MS Authenticator (see note 1). With MS Authenticator it is also not possible to log in to the system if the user forgets the PIN and tries to log in with a passwordless account.

The following table lists other features of the Excalibur system compared to the capabilities of the MS Authenticator.

Excalibur (Token) MS Authenticator
Straightforward onboarding
Authenticate every logon
Active Directory integration
PKI 2
OTP / TOTP (Windows)
Lock/Logout Session
Session history 3
Geofence
Verifying co-workers
Cryptographically signed auditability of every action

The following procedure demonstrates the obscure process of registering an account into MS Authenticator and Windows 10. Azure Active Directory Premium P2 Subscription was used as Identity and Access Management (IAM). Setting up such an environment is beyond the scope of this document.


  1. OTP/TOTP capability is not available for Windows logon.

  2. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview#comparing-key-based-and-certificate-based-authentication 

  3. MS Authenticator displays Windows Sign In history only when registering a device; normal user logins are not displayed.