From our perspective, using Microsoft Authenticator is the best option to use as your default MFA sign-in method. Your other options are SMS, email, security questions, and Office phone.
The reason we like it is that:
- It is secure
- It is available for iOS and Android devices
- You can MFA even if you have no cell coverage
- You can MFA also if you have no wireless coverage
- If you have a limited SMS Plan and have wifi, you will not be using your SMS plan to get authenticated
- The best of all, you just need to click a button to MFA, no need to read, remember, and type a 6-digit code
Here is the process that you will experience, as a user, when setting up Microsoft Authenticator as your preferred authentication method
Note: Your IT administrator must have enabled MFA, and the Azure feature called “Users can use preview features for registering and managing security info – enhanced”
Let’s get started!
- Download the Microsoft Authenticator App from the Android or Apple store on your phone
IMPORTANT: If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select Allow so the authenticator app can access your camera to take a picture of the QR code.
- Go to https://office.com
- Click on Sign in
- Type your username and click Next
- Type your password and click on Sign in
You will now be required to provide more information and start enrolling your device against your Office 365 account.
6. Click Next in the screen below
7. You will now be presented with a wizard to install the Microsoft Authenticator app on your phone
Once you have downloaded the app, please make sure you allow the Microsoft Authenticator app to use your camera (if asked). If the app cannot use the camera, you will not be able to complete the setup correctly.
8. Once the app is installed, you will need to set up your account to connect to the app.
9. Now that the app has been registered against your account, let’s validate that it has been set up correctly
You will receive a ‘pop up’ notification from Microsoft Authenticator. You will need to press the Approve button to move forward. The beautiful thing, compared to SMS MFA is that you do not have to type any number, making the process faster and easier.
10. If the setup is successful, you will receive the following confirmation – “Notification approved”
Now, you will set up the backup solution, which is to use the regular MFA using the SMS option
11. You will be asked to enter your mobile phone number. You will need to decide if you want to have your validation done via an SMS or having Microsoft call you
In the example below, I have chosen the SMS option. Once you receive the SMS, enter it and click Next
12. When successful, you will receive the following screen “SMS verified successfully.”
You are now ready to use Microsoft Authenticator as the default sign-in method
You have taken a significant step to secure your identity!