
When setting up multi-factor authentication for the first time, why does the Microsoft Authenticator app request so many permissions?

When setting up multi-factor authentication (MFA) for the first time, the app lets you know that it needs access to your camera to read the QR codes. These details are not used in any other way to provide access to MFA.

Here's the full list of permissions that might be asked for, and how they're used by the app. The specific permissions you see will depend on the type of phone you have.

  • Camera. Used to scan QR codes when you add a work, school, or non-Microsoft account.
  • Contacts and phone. The app requires this permission so it can search for existing work or school Microsoft accounts on your phone and add them to the app, helping to ensure your account works properly. This permission also helps save you time while adding your personal Microsoft accounts, by automatically filling in some of the info for you, like your first and last name.
  • SMS. Used to make sure your phone number matches the number on record. When you sign in with your personal Microsoft account for the first time, we send a text message to the phone where you downloaded the app that includes a 6-8 digit verification code. Instead of asking you to find this code and enter it in the app, the app finds it in the text message for you.
  • Draw over other apps. The notification you get that verifies your identity is also displayed on any other app that might be running.
  • Receive data from the internet. This permission is required for sending notifications.
  • Prevent phone from sleeping. If you register your device with your organization, your organization can change this policy on your phone.
  • Control vibration. You can choose whether you would like a vibration whenever you receive a notification to verify your identity.
  • Use fingerprint hardware. Some work and school accounts require an additional PIN whenever you verify your identity. To make the process easier, we allow you to use your fingerprint instead of entering the PIN.
  • View network connections. When you add a Microsoft account, the app requires a network/internet connection.
  • Read the contents of your storage. This permission is only used when you report a technical problem through the app settings. Some information from your storage is collected to diagnose the issue.
  • Full network access. This permission is required for sending notifications to verify your identity.
  • Run at startup. If you restart your phone, this permission ensures that you continue to receive notifications to verify your identity.