Set Up Multi-Factor Authentication with Microsoft Authenticator

Overview

Multi-factor authentication (MFA) adds a second check to your sign-in so a stolen password alone cannot get into your account. This guide walks you through setting up the Microsoft Authenticator app, which your company uses to approve sign-ins to Microsoft 365.

Before You Begin

• Your work email address and current password.
• Your smartphone (iPhone running iOS 17 or later, or Android 11 or later).
• A few minutes of uninterrupted time. Once you start, finish in one sitting.
• A safe place to keep recovery codes (a notebook or your company password manager).

Steps

1. On your phone, open the App Store (iPhone) or Google Play Store (Android).
2. Search for Microsoft Authenticator and install the app published by Microsoft Corporation. Do not install look-alike apps.
3. On your computer, open a private or incognito browser window and go to https://aka.ms/mfasetup.
4. Sign in with your work email and current password.
5. When prompted to set up more information, click Next.
6. Choose Mobile app (or Microsoft Authenticator) as your method, then click Next.
7. On your phone, open the Authenticator app. Tap Add account → Work or school account → Scan a QR code.
8. If your phone asks for camera access, tap Allow.
9. Point your phone's camera at the QR code on your computer screen.
10. Back on your computer, click Next. Microsoft will send a test notification to your phone.
11. On your phone, tap Approve and enter the number shown on your computer screen.
12. When prompted, add a backup phone number. This rescues you if you lose your phone.
13. Click Done. You now have MFA enabled.

Troubleshooting

• If the QR code will not scan: make sure your phone camera lens is clean and you have good light. You can also tap Or enter code manually in the app and type the code shown on your computer.
• If you do not receive the approval notification: open the Authenticator app directly. Pending approvals appear at the top.
• If you get a "Your IT department has not enabled this" error: contact support. Your account may need MFA enabled on the back end first.
• If you already had MFA set up with text messages: keep both methods active. Microsoft Authenticator should be your default sign-in method, with SMS as the fallback.
• If you change phones: set up Authenticator on the new phone before retiring the old one. If the old phone is already gone, contact support to reset MFA.

Related Articles

• Set Up Multi-Factor Authentication with Google Authenticator
• Use a Hardware Security Key for Multi-Factor Authentication
• Reset Your Microsoft 365 Password
• What to Do If Your Account Is Compromised

Need More Help?

Submit a ticket at support.bostonmit.com or email support@bostonmit.com.