A guide to understanding and setting up Microsoft Authenticator for multi-factor authentication

Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

Why is MFA Important?

The main benefit of MFA is that it enhances your organization’s security by requiring users to identify themselves with more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor like a thumbprint or physical hardware key means increased confidence that your organization will stay safe from cyber criminals.

How Does MFA work?

MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter is the one-time password (OTP). OTPs are the 4-8 digit codes that you often receive via email, SMS or a mobile app. With OTPs, a new code is generated periodically or each time an authentication request is submitted. The code is generated from a seed value that is assigned to the user when they first register, combined with another factor, which could simply be an incrementing counter or a time value.

Setting up Microsoft Authenticator

Microsoft has been prompting users to configure the Microsoft Authenticator app as a form of MFA (Multi-Factor Authentication). The steps below will assist you in configuring it for your company account.

Step 1

On your mobile device, navigate to your App Store, select Download now to download and install the Microsoft Authenticator app, and then select Next. For more information about how to download and install the app, see Download and install the Microsoft Authenticator app. Once installed, hit Next on the initial pop-up.

Step 2

Remain on the Set up your account page while you set up the Microsoft Authenticator app on your mobile device.

Step 3

Open the Microsoft Authenticator app, select to allow notifications (if prompted), select Add account from the Customize and control icon on the upper-right, and then select Work or school account.

Note: The first time you set up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select Allow so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see Manually add an account to the app.

Step 4

Return to the Set up your account page on your computer, and then select Next. The Scan the QR code page appears.

Step 5

Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you created your work or school account in Step 3.

Step 6

The authenticator app should successfully add your work or school account without requiring any additional information from you. However, if the QR code reader can't read the code, you can select Can't scan the QR code and manually enter the code and URL into the Microsoft Authenticator app. For more information about manually adding a code, see Manually add an account to the app.

Step 7

Select Next on the Scan the QR code page on your computer. A notification is sent to the Microsoft Authenticator app on your mobile device to test your account.

Step 8

Approve the notification in the Microsoft Authenticator app, and then select Next. Your security info is updated to use the Microsoft Authenticator app by default to verify your identity when using two-step verification or password reset.

All done! You have now successfully configured the Microsoft Authenticator app.

Keep in Mind

Now that you have the Microsoft Authenticator app installed and working, you may be prompted for your PIN or facial recognition. This is yet another security feature that Microsoft has implemented. The PIN or Face ID referred to in this case is the actual PIN / Face ID you use to unlock your phone.

Nordutch Technologies ~ 2024