MFA Setup for Microsoft Authenticator
Objective: Multi-Factor Authentication or Two-Factor Authentication (aka “MFA” or “2FA”) provides a third layer of security to successfully login to your user account. This layer is a six-digit number that rotates every thirty seconds as issued from a hardware or software token. Upon setup of the token, the client-side and server only have the spinning serial number sequence. This makes it extremely difficult for an unauthorized person to compromise a user account even if they have the password, because they do not have the token in their possession.
Important: If you have set up the Microsoft Authenticator app on five different devices or if you've used five hardware tokens, you won't be able to set up a sixth one, and you might see the following error message: You can't set up Microsoft Authenticator because you already have five authenticator apps or hardware tokens. Please contact your administrator to delete one of your authenticator apps or hardware tokens.
Set Up Microsoft Authenticator
You can follow these steps to add your two-factor verification and password reset methods. After you've set this up the first time, you can return to the Security info page to add, update, or delete your security information. If you're prompted to set this up immediately after you sign into your work or school account, see the detailed steps in the Set up your security info from the sign-in page prompt.
- Sign into your work or school account and then go to your My Account portal.
- Select Security info in the left menu or by using the link in the Security info pane. If you have already registered, you'll be prompted for two-factor verification. Then, select Add method in the Security info pane.
- On the Add a method page, select Authenticator app from the list, and then select Add.
-
On the Start by getting the app page, select Download now to download and install the Microsoft Authenticator app on your mobile device, and then select Next.
- If you want to use an authenticator app other than the Microsoft Authenticator app, select I want to use a different authenticator app.
-
If your organization lets you choose a different method besides the authenticator app, you can select I want to set up a different method.
- Remain on the Set up your account page while you set up the Microsoft Authenticator app on your mobile device.
-
Open the Microsoft Authenticator app, select to allow notifications (if prompted), select Add account from the Customize and control icon on the upper-right, and then select Work or school account.
Note: The first time you set up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (Apple iOS) or to allow the app to take pictures and record video (Android). You must select Allow so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually.
- Return to the Set up your account page on your computer, and then select Next. The Scan the QR code page appears.
- Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you created your work or school account in Step 6.
- The authenticator app should successfully add your work or school account without requiring any additional information from you. However, if the QR code reader can't read the code, you can select Can't scan the QR code and manually enter the code and URL into the Microsoft Authenticator app. For more information about manually adding a code, see Manually add an account to the app.
- Select Next on the Scan the QR code page on your computer. A notification is sent to the Microsoft Authenticator app on your mobile device, to test your account.
- Approve the notification in the Microsoft Authenticator app, and then select Next. Your security info is updated to use the Microsoft Authenticator app by default to verify your identity when using two-step verification or password reset.
Delete your authenticator app from your security info methods
If you no longer want to use your authenticator app as a security info method, you can remove it from the Security info page. This works for all authenticator apps, not just the Microsoft Authenticator app. After you delete the app, you must go into the authenticator app on your mobile device and delete the account.
Change Your Default Security Method
If you want the authenticator app to be the default method used when you sign-in to your work account using two-factor verification or for password reset requests, you can set it from the Security info page. To complete the change:
On the Security info page, select Change next to the Default sign-in method information.
Choose Microsoft Authenticator - notification from the list of available methods. If you're not using the Microsoft Authenticator app, select the Authenticator app or hardware token option.
Select Confirm. The default method used for sign-in changes to the Microsoft Authenticator app.