I'm very interested in the phone but

You’re right, it is MS auth as MFA for M365 as determined by my employer. I’ll give it try with Anbox and see what happens.

Let me know. I have to run that app for my employer too - so come the day that my Librem 5 arrives, I will at least be trying it under Anbox.

I’m very well aware what’s going on in the financial sector, it’s definitely a planned move to force everyone into digital currency. It’s not as big a push here in the US
Yet. But it will be eventually if the plans keep progressing.

Why do you have bank apps on your portable device? In order to reduce my exposed attack surface, I only do online banking from a home computer.

Starling bank (and Monzo) until very recently provided no other option - they only had mobile apps. They’ve recently add online (web) banking though so you should be able to use that for most functionality (you still need the app to sign up in the first place though).

That said they also provide API access so it seems relatively feasible to build a GTK front end for that, at least for personal use.

NP will do.

You make a valid point, but as a pre-covid road warrier it was important to me to keep an eye on my accounts

Sh*t isnt it!

Having considered the options I think I’ll go with a Pine. Bottom line is that the price point is too high for me to take a punt.
The Pine has a better price point so it allows me to take a risk and if it doesnt work its not an issue…

Wise choice if you don’t have money to just fritter away. That way you can get a good feel for if a librem purchase will truly be a wise move or not.

I agree fully; it is the attitude that I have taken with the L-5 and the Linux phone ecosystem in general. I bought a Pine phone both to support the ecosystem and also to play around with the device to get experience with small-screen Linux and begin to adjust my life to a pocket computer instead of a smart phone while waiting for my L-5.

Many of the self-righteous complaints that I have seen on this forum display the attitude of a person who expects a fully working consumer device and is unhappy that those expectations are not being met; as I much as I would like such a device, it is not what I am expecting day one (or two for that matter).

I’ve had success using Yubikeys in place of MS Authenticator. Worth asking your company if they support them.

MS Authenticator has two different kinds of functionality:

• standard TOTP (a 6 digit number is generated based on cryptographically combining the current time with a random, shared secret)
• push notifications whereby the app prompts you to enter a code that has been shown to you by the web site for which the app is doing 2FA, and perhaps some proprietary crap is involved

Did you mean the former or the latter or both?

Can say from experience, I have worked at a company where their apps use MS Authenticator but where only push notification are allowed, and not TOTP nor yubikey. This setting is generally determined by the system administrators, and an employee who tries to use TOTP or yubikey and is therefore unable to log in can be seen as at risk of being anti-progress or not submitting to the work that must be done, which could be dangerous for their productivity as a worker.

Ergo, like Joe Dirt shoved in a hole and told repeatedly, “its puts the lotion on the skin,” in a similar way, “it clicks the notification from the app” is what an MS Authenticator user must say to themselves if their systems don’t allow the special TOTP/yubikey permission.

Yes, I believe so. But I was asking @sethf which specifically he had found to work. We don’t know whether his system administrators require all to submit to the MS borg and assimilate.

Regarding Microsoft authentication. I think that admins also have the option to let Microsoft call your phone, and you have to press # to authenticate. I used this for a project where I was forced to work with Microsoft services. It worked well with my Librem 5.

Both. When I was originally onboarded, I used MS Authenticator on a personal device for the MS Auth MFA challenge pop-up. Then I ordered a Yubikey, and added that as an MS Azure/Microsoft account secure method or whatever in their security settings.

Once the Yubikey was added, I was able to remove the MS Authenticator method for my personal device.

Later I added the same Yubikey as a passkey for both my daily and privileged admin accounts, and that simplified access management even further.