Introduction to Microsoft Authenticator
Two-Factor Authentication (also known as 2FA or MFA) is a security enhancement that requires a second factor, such as a code from your phone, to sign in to your online accounts. It is a critical security measure that protects your account if your password is exposed in a breach. This quick guide will help you get started with the Microsoft Authenticator app, which makes 2FA for your Microsoft Account super easy and provides enhanced security compared to traditional SMS.
This guide assumes that you have:
1. Access to your computer
2. A reasonably modern Android or iOS device
3. An internet connection
4. About 5 minutes
PLEASE NOTE: If you are using legacy apps, services or protocols (such as using your Microsoft account for scan-to-email on a multi-function printer, or a contact form on a website), some of these services may stop working after you enable 2FA. Contact us if this impacts you and we can implement workarounds.
Setting up Microsoft Authenticator
Once your administrator enables Microsoft Security Defaults (which enables 2FA for everyone), you may notice that you start to get a security notification when trying to use various Microsoft services (such as https://office.com or https://teams.microsoft.com). You’ll have 14 days to set up Two-Factor Authentication, so don’t stress if you don’t have time to do this right away.
Follow these steps to set up 2FA:
1. Open your web browser and try to sign in to a Microsoft service, such as https://office.com. When you receive this notification, select Next. If you don’t get this notification, try signing out, and then back in again. If you are still not receiving a prompt, or you are being prompted for an SMS or phone call instead, you can visit http://aka.ms/mfasetup to set up Microsoft Authenticator manually.
2. You will be prompted to install the Microsoft Authenticator app. Go to your mobile device and download the app.
a. If you are using Android, go to the Google Play Store and search for Microsoft Authenticator for Android.
b. If you are using iOS, go to the Apple App Store and search for Microsoft Authenticator for iOS.
3. Open the app and grant any permissions that it asks for. Once you get to the main page, tap the + button to add your account. You can also add an account by pressing the menu button in the corner.
4. When adding an account, select “Work or School Account” and select “Scan a QR Code”.
5. Head back to your computer, and then click Next to progress until you are given an opportunity to scan a QR code, which should look similar to the image below.
6. Once you have scanned the QR code, you’ll have an opportunity to test it. You should get a prompt on your device – accept it and you are good to go!
Using Microsoft App Passwords
After 2FA has been enforced, some apps or unsupported devices may run into issues (e.g. scan-to-email functionality on multi-function printers). This is where App Passwords come in. With this Microsoft Office 365 feature, you can create a unique password for each app or device that requires one.
Follow this link to create app passwords: https://account.activedirectory.windowsazure.com/AppPasswords.aspx
From here, you can generate new app passwords, which can then be used on unsupported devices. If you forget or stop using a device, it is recommended that you revoke its app password. You can always generate additional app passwords in the future where necessary.
Microsoft Office 365 Default Sign-In Method
If you are receiving SMS messages instead of Microsoft Authenticator prompts, you can change this setting via your Microsoft Account. This is also helpful if you are no longer able to access the Microsoft Authenticator app. Use the link below to change your default sign-in method: https://mysignins.microsoft.com/security-info
From here, you can select your phone or Microsoft Authenticator as your default sign-in method.