Microsoft Authenticator Comprehensive Guide

Summary

Multi-factor authentication (MFA) adds an extra layer of security by requiring more than just a password to access accounts. Microsoft Authenticator helps users set up and manage MFA through app-based notifications or verification codes. This guide covers initial setup, updating authentication methods, registering new devices or phone numbers, and troubleshooting common issues.

What is MFA?

MFA stands for multi-factor authentication. It is a security measure used to protect user accounts and systems by requiring multiple forms of verification to verify the identity of a user. It adds an extra layer of security beyond the traditional username and password combination. MFA significantly enhances security because even if an attacker manages to obtain the user's password, they will still need access to the second factor (e.g., the physical device or biometric data) to successfully authenticate. This makes it much harder for unauthorized individuals to gain access to sensitive accounts or systems.

Initial Setup

The following instructions will walk you through how to register a device in Microsoft Authenticator for the first time.

Registering an Authenticator Device for the First Time

On your computer:

Open your preferred web browser and go to:
https://aka.ms/mfasetup
Sign in using your work email address and current password.
- If you do not have a password, use your Temporary Access Pass instead.
When prompted with the message “More information required,” click Next to begin setup.
You’ll be redirected to the Authenticator setup page. Click Next, then Next again to proceed.
A QR code will be displayed on screen:

On your mobile device:

Install and open the Microsoft Authenticator app from the App Store (iOS) or Google Play Store (Android).
Tap the "+" icon in the upper-right corner.
Select Work or school account, then choose Scan QR Code.
Use your phone to scan the QR code shown on your computer.
After a successful scan, the app will display a JBS International profile with your work email listed.

On your computer:

Click Next to display a two-digit verification code.

On your mobile device:

A notification will appear from the Authenticator app. Tap the notification or open the app manually.
Enter the two-digit code shown on your computer and tap Yes.

On your computer:

If the code is entered correctly, you'll see a "Notification approved" message. Click Next.
You’ll be redirected to the Security Info page, where Microsoft Authenticator will now be listed as a sign-in method.

It is strongly advised to register your phone number as a backup authentication method.

Registering a Phone Number for the First Time

On your computer:

Navigate to the Security Info Page.
Click Add sign-in method.
In the Add a method window, select Phone from the dropdown menu, then click Add.
Enter your phone number and choose your preferred method to receive a verification code (e.g., text message).
Click Next to proceed.
Check your phone for the verification code and enter it on the next screen.
Click Next to confirm.
Once verification is successful, you’ll see a “Verification Complete” message.
Click Done.
You’ll be redirected back to the Security Info page, where your newly added phone number will appear as a sign-in method.

Updating Authentication Methods

The following instructions will walk you through how to update your authentication methods.

Accessing the Security Info Page

Open your preferred web browser and go to:
https://aka.ms/mysecurityinfo
Sign in with your work email address and current password.
If prompted for multi-factor authentication (MFA) and you no longer have access to the Microsoft Authenticator app, click:
“I can't use my Microsoft Authenticator app right now.”
Choose the option to receive a text message with a verification code. Enter the code you receive on the next screen to complete authentication.
- Note:
  If you are unable to receive a text message or the phone number listed is outdated, please contact the Help Desk for assistance.
Once authenticated, you will be redirected to the Security Info page.

Deleting an Authenticator Device

On your computer:

Go to the Security Info page.
(Refer to the “Security Info Page” section for detailed navigation steps.)
On the Security Info page, click Change next to your default sign-in method.
- Select Phone - text from the list of available options.
- Confirm your selection to set it as the new default method.
Locate the Microsoft Authenticator entry in your list of sign-in methods.
Click Delete next to it, then confirm by selecting OK on the confirmation screen.

On your mobile device:

Open the Microsoft Authenticator app.
Tap the JBS International profile.
Tap the gear icon in the upper-right corner.
Select Remove account, then tap Continue to confirm.

Registering a New Authenticator Device

If the previous Authenticator device is no longer needed, refer to the "Deleting an Authenticaticator Device" section for instructions on removing it from your account.

On your computer:

Navigate to the Security Info page.
(Refer to the “Security Info Page” section for detailed navigation steps.)

On your phone:

Ensure the Microsoft Authenticator app is installed from the App Store (iOS) or Google Play Store (Android).

On your computer:

Click Add sign-in method.
From the dropdown, select Authenticator app, then click Next.
On the setup page, click Next, then Next again to proceed to the QR code screen.

On your phone:

Open the Microsoft Authenticator app.
Tap the "+" icon in the upper-right corner.
Select Work or school account, then choose Scan QR Code.
Use your phone to scan the QR code displayed on your computer.
After a successful scan, you’ll be redirected to the Authenticator home screen, where a JBS International profile with your work email will appear.

On your computer:

From the QR code screen, click Next. A two-digit code will appear on the screen.

On your phone:

A notification will appear from the Authenticator app. Tap the notification or open the app manually.
Enter the two-digit code shown on your computer and tap Yes.

On your computer:

If the code is entered correctly, you’ll see a “Notification approved” message. Click Next.
You’ll be redirected to the Security Info page, where Microsoft Authenticator will now be listed as a sign-in method.

Registering a New Phone Number

On your computer:

Navigate to the Security Info page.
(Refer to the “Security Info Page” section for detailed navigation steps if needed.)
Locate your current phone number and click Change next to it.
Enter your new phone number and choose your preferred method to receive a verification code (e.g., text message).
Click Next to proceed.
Check your phone for the verification code and enter it on the screen.
Click Next to confirm.
Once the code is verified, you’ll see a “Verification Complete” message.
Click Done to finish.
You’ll be redirected back to the Security Info page, where your updated phone number should now be visible.

How to Use Microsoft Authenticator

The following instructions will walk you through how to use your authentication methods. Please note that the App-Based Notification prompt is the primary method for regular use. All other options should be considered backup methods and used only when necessary.

Approving an Authenticator Prompt via the App-Based Notification

On your computer:

After signing in to a service that requires multi-factor authentication (MFA), a two-digit number will appear on the screen.

On your mobile device:

A notification will be sent to your phone via the Microsoft Authenticator app.
Tap the notification to open it. If you don’t receive one, manually open the Microsoft Authenticator app.
A prompt will appear for you to enter the two-digit number displayed on your computer.
Tap Yes to confirm.

If the number is entered correctly, the sign-in will be approved.

Approving an Authenticator Prompt via Verification Code

On your computer:

After signing in to a service that requires MFA, a prompt will appear asking you to enter a verification code.

On your mobile device:

Open the Microsoft Authenticator app.
Tap the “JBS International” account profile.
Note the one-time passcode displayed, along with the circular timer next to it indicating how long the code is valid.

Back on your computer:

Enter the one-time passcode before the timer expires.

If the code is entered correctly and within the time limit, the sign-in will be approved.

Approving an Authenticator Prompt via Text-Based Verification

On your computer:

After signing in to a service that requires multi-factor authentication (MFA), a prompt will appear stating:
“We texted your phone +X XXXXXXXXXX. Please enter the code to sign in.”

On your mobile device:

Locate the text message containing the verification code. This may appear as a notification or in your messaging app.

Back on your computer:

Enter the code into the verification field.
Click Verify to complete the process.

If the code is entered correctly and within the time limit, the sign-in will be approved.

Approving an Authenticator Prompt via Call-Based Verification

On your computer:

After signing in to a service that requires Multi-Factor Authentication (MFA), a prompt will appear stating:
“We're calling your phone. Please answer it to continue.”

On your mobile device:

Answer the incoming call.
Follow the voice instructions and press the requested key—typically the # key—to approve the sign-in.

If the correct key is entered within the time limit, the sign-in will be successfully approved.