How to Set Up Microsoft Authenticator


The Microsoft Authenticator app helps you sign in to your accounts when you're using two-factor verification. Two-factor verification helps you to use your accounts more securely because passwords can be forgotten, stolen, or compromised. Two-factor verification uses a second factor like your phone to make it harder for others to break into your account. You can use the Microsoft Authenticator app in multiple ways:

Two-factor verification. The standard verification method, where one of the factors is your password. After you sign in using your username and password, you can either approve a notification or enter a provided verification code.

  • Phone sign-in. A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN.

  • Code generation. As a code generator for any other accounts that support authenticator apps.

  • Authenticator works with any account that uses two-factor verification and supports the time-based one-time password (TOTP) standards.

Your organization might require you to use the Authenticator app to sign in and access your organization's data and documents, both in the office and via VPN. Even if your user name appears in the app, the account isn't set up as a verification method until you complete the registration. For more information, see Add your Work or School account.

Before You Begin

  1. Install the latest version of the Microsoft Authenticator app, based on your Mobile operating system:
  2. Google Android. On your Android device, go to Google Play to download and install the Microsoft Authenticator app.
  3. Apple iOS. On your Apple iOS device, go to the App Store to download and install the Microsoft Authenticator app.

Important: If you're not currently on your mobile device, you can still get the Microsoft Authenticator app if you send yourself a download link from the Microsoft Authenticator page.

Sign in to Authenticator App with QR Code

To add an account by scanning a QR Code, do the following:

  1. Navigate to the Microsoft Office website from your browser.

  2. On your computer, go to the Additional security verification page.

    Note: If you don't see the Additional security verification page, it's possible that your administrator has turned on the security info experience. If that's the case, you should follow the instructions in the Setup security info to use an authenticator app section. If that's not the case, you will need to contact your organization's Help Desk for assistance. For more information about security info, see Set up your Security info from a sign-in prompt.

  3. Select the Add sign-in method button,
     PLEASE NOTE: Remove any existing 
  4. Select the Authenticator App option.

  5. If you haven’t done so please download the Authenticator app. As shown under the heading Download and install the application on this work instruction. And then scan the QR code to add your Office 365 account to the app.

  6. Open the Microsoft Authenticator app, select the plus icon and select Add account, and then select Work or School account, followed by Scan a QR Code. If you don't have an account in the Authenticator app, you'll see a large blue button that says Add account.

  7. If you aren't prompted to use your camera to scan a QR Code, in your phone's settings, ensure that the Authenticator app has access to the phone camera.

  8. After you add your account using a QR code, you can set up phone sign-in. 
    1. If you receive the message You might be signing in from a location that is restricted by your admin. your admin hasn't enabled this feature for you and probably set up a Security Information Registration Conditional Access policy. Contact the administrator for your work or school account to use this authentication method.
    2.  If you are allowed by your admin to use phone sign-in using the Authenticator app, you'll be able to go through device registration to get set up for password-less phone sign-in and Azure AD Multi-Factor Authentication.

  9. IMPORTANT FOR MFA VPN USERS - Once the Authenticator App is set up on your phone, it's important that you change your default sign-in method on the Additional security verification page.

    Return to the Additional security verification and select Change the Default sign-in method to "Microsoft Authenticator – notification"
    PLEASE NOTE This needs to be changed otherwise you’ll not be able to connect to the VPN!

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Please sign in to leave a comment.