Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - Getting Started: MSP Onboarding Guide
  - Evo Authenticator Mobile App 5.1.x (iOS and Android)
  - Evo Supported Authentication Methods
Directory Integrations
- Environments
  - What type of Directory do I need?
  - Directory Integration: Entra ID (formerly Azure Active Directory)
  - Set up Evo on Active Directory (LDAP)
  - Sync with Google Workspace
  - Evo Cloud: Directory-As-A-Service Setup and Installation
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Installation & Setup
  - Deployment Tokens
- Advanced Configurations
  - How to protect Remote Desktop using Evo Security (RDP Support)
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
  - Deploying the Evo Agent using ConnectWise RMM
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
- MFA
  - Getting Started: Multi-Factor Authentication
  - Evo Secure Login for Windows / Troubleshooting Secure Login
  - Setting up Microsoft Authenticator for MFA
- SSO/ SAML
  - What SAML integrations are available?
  - Passwordless Login
  - How do I add a rule for single sign-on (SSO) expiration
  - Identity Provider (IdP) Login
  - Connect Web Apps via SAML with Evo: Version 3
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Azure AD - Federating Microsoft 365 domain
  - WS-Federation integration for Office 365 login
  - Setting up SAML with Salesforce
  - Setting up SAML with Dropbox
  - Setting up SAML with Keeper
  - Setting up SAML with Box.com
  - Setting up SAML with Liongard
  - Setting up SAML with Auvik
  - Setting up SAML with Domotz
- Tech Elevation
  - Getting Started: Technician Elevation
  - Technician Elevation: Extended User Access Control session
  - Technician Elevation: Just-in-Time Accounts
  - Password Rotation with Evo
  - Local Admin Accounts
  - Web Accounts
- End User Elevation
  - Getting Started: End User Elevation
  - Usage Guide: End User Elevation
  - End User Elevation: Custom Branding
- Help Desk Verification
  - Getting Started: Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
- Agents
  - Windows Agent Deployment
  - LDAP Agent Settings Editor
  - macOS Agent Deployment
- RADIUS
  - Getting started: RADIUS Server
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
Evo Portal
- Navigation & Managment
  - Welcome to the New Evo Portal!
  - Tenants Page
  - Policies Page
  - Rules Section (Global)
  - Integrations Page
  - Settings Section
  - Dashboard Page
  - Directories Page
  - Vault Section
  - Users Page
  - Groups Page
  - Access Tokens Page
  - Keys (Hardware Keys) Page
  - Endpoints Section
  - Applications Page
  - Elevation Section (Tenant)
  - Role-Based Permissions / List of Roles
- User & Directory Management
  - How do I add or delete customers?
  - How do I add, edit or disable a Domain Account?
  - How do I add, edit, or delete a directory?
  - How do I disable, enable, or delete user devices (Endpoints)?
  - User Groups
  - How do I manage my user licenses? (Billing and Administration)
Integrations
- PSA & Password Sync Integrations
  - Evo Password Integration with ITGlue
  - Integrating Evo with IT Glue
  - Integrating Evo with Halo PSA
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
- Microsoft EAM Integration
  - Microsoft EAM integration
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - Set Evo Secure Login as default option at login screen
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I create my user account?
  - How do i log in?
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
  - Error Fetching AD Groups: How to fix AAD Client Secret expired
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
Support & Resources
- Support & Resources
  - Where to go for help / feature requests
  - Adding Evo Users to the Evo Support Portal
  - Setting up Mobile Email to Provide Logs to Evo
  - How do I add, edit, or delete email campaigns?
  - How do I update Evo software?
More

Help Desk Verification with Microsoft Authenticator and Evo Secure Login

Last updated on January 23, 2026

Prerequisites

Before enabling Help Desk Verification, ensure the following conditions are met:

Help Desk Verification must be enabled for your environment.

Eligible users must be created or synced from an Azure Active Directory.

Users must have the appropriate version of the authentication app:

Microsoft Authenticator for Microsoft-based verification.

Evo Secure Login (Version 5.0.5 or higher) for Evo-based verification.

The admin requesting verification must have the Help Desk Verification role assigned within Role-Based Permissions.

Help Desk Verification Process

Help Desk Verification ensures that a user in Evo is connected to their associated mobile device, providing an additional layer of security for help desk interactions.

User Verification Request:

When a user requests help desk verification, a push notification will be sent to their registered mobile device.

Evo Admins can use this feature to confirm the caller’s identity before assisting with sensitive requests.

Requesting Verification in Evo:

In the Evo portal, navigate to the Users section.

Select the tenant and locate the user requiring verification.

Ensure that Help Desk Verification is enabled.

Click on the Request Verification button.

Choose the verification method:

Microsoft Authenticator App

Evo Secure Login App

User Response:

The user will receive a push notification on their registered device.

Once approved, the verification status will update on-screen.

If denied or if the app version is outdated, an appropriate error message will display.

Granting OAuth Permissions (For Microsoft Authenticator)

If using Microsoft Authenticator, OAuth permissions must be granted:

Completing OAuth Setup:

Navigate to Microsoft Entra ID → Enterprise Applications.

Search for and select Evo Security.

In the Enterprise Applications section, go to the Permissions tab.

Under Admin consent required permissions, locate the Grant admin consent button.

Click Grant admin consent for [Your Organization] and confirm.

Required OAuth Permissions:

The following OAuth permissions must be granted admin consent:

UserAuthenticationMethod.Read.All (Application)

User.ReadWrite.All (Application)

Application.ReadWrite.All (Application)

Directory.ReadWrite.All (Application)

User.ManageIdentities.All (Application)

User.Read (Delegated)

Important Notes on OAuth Transition

If your directory was initially created using an Azure app registration, completing the OAuth setup will shift authentication to OAuth-based authentication.

Evo Security will authenticate and perform actions within your tenant using OAuth instead of previously provided client credentials.

Once OAuth permissions are successfully granted and verified, you may optionally delete the old app registration only after confirming all necessary permissions are set.

User Setup Requirements

Each user requesting Help Desk Verification must:

Have a registered device with either Microsoft Authenticator or Evo Secure Login (Version 5.0.5 or higher).

Be set up within Evo via directory sync or manual addition.

Have their mobile device paired with the authentication method chosen.

Additional Information

If a user does not have a secure login license, they can still use Help Desk Verification by pairing the mobile app via the welcome email QR code link.

If interested in enabling Help Desk Verification for your environment, contact your Evo Account Manager for more details.

For support or troubleshooting, reach out to the Evo Security Support Team.

Did this answer your question?

😞

😐

🤩

Getting Started: Help Desk Verification Windows Agent Deployment