Microsoft Authenticator - Getting started

Microsoft Authenticator is a free mobile app from Microsoft for iPhone, iPad, and Android devices that helps protect your UWin Account (Microsoft work/school account). Passwords alone, or passwords combined with text message MFA, are no longer enough to keep accounts secure. Microsoft Authenticator adds an extra layer of protection that helps prevent unauthorized access, even if someone else knows your password.

Microsoft Authenticator is more secure than text message MFA because:

  • It is device‑based, not phone‑number‑based
  • It resists SIM‑swap and interception attacks
  • It provides stronger protection against phishing
  • It can eliminate passwords altogether

For these reasons, the University of Windsor is implementing MS Authenticator as a primary MFA method and phasing out text message MFA by Dec 31, 2026.

Installation and Setup

If this app is not yet installed on your mobile device:

  1. Open the app store:
    • iPhone: App Store
    • Android: Google Play Store
  2. Search for Microsoft Authenticator
  3. Install the app published by Microsoft Corporation
  4. Open the app once installation is complete
  5. Tap Allow to allow the app to send you notifications
  6. Tap Accept to acknowledge Microsoft's privacy statement
  7. Tap Continue on the next screen; this will bring you to a screen with three buttons
  8. Tap the Add work or school account button

You should now see a box with two options: "Scan a QR code" and "Sign in." Put your phone down for now and switch to your computer.

  1. On your computer, open a web browser
  2. Go to: myprofile.microsoft.com
  3. Sign in using your work or school account
  4. If prompted, complete any existing MFA challenge

You should now see the Security info page where you will need to add Microsoft Authenticator as a sign‑in method:

  1. On the Security info page, select Add sign‑in method
  2. From the list, choose Microsoft Authenticator

  3. Click Next on the Install Microsoft Authenticator screen
  4. Click Next on the Setup your account in app screen
  5. Go back to your phone and tap the Scan a QR code option
  6. Tap While using this app to allow the Authenticator app to take pictures and record video
  7. Use your phone to scan the QR code shown on your computer screen
  8. Tap OK on the App Lock Enabled screen on your phone
  9. Click Next
  10. Enter the number shown on your computer screen in the box on the Are you trying to sign in screen on your phone and tap Yes
  11. Tap Done on the Authenticator added screen on your computer

Microsoft Authenticator is now registered for MFA in your University of Windsor Microsoft work/school account (UWin Account). You can start using it with the Push Notification with Code or Verification Code (TOTP) methods without any further setup. With some additional setup, you can also add one of the two more secure passwordless methods described below: Passkey in MS Authenticator or Passwordless Phone Sign-In.

Using MS Authenticator

The Microsoft Authenticator app supports several authentication methods. These are all tied specifically to the app and provide different levels of security and user experience.

| Method | Additional Setup | Password | User Action | Security Level |
| --- | --- | --- | --- | --- |
| Passkey in MS Authenticator | Yes | Not used | Biometrics / PIN | Highest |
| Passwordless Phone Sign-in | Yes | Not used | Tap Approve + biometrics | Very High |
| Push Notification with Code | No | Used | Enter code | High |
| Verification Code (TOTP) | No | Used | Enter code | High |

 

Passkey in Microsoft Authenticator (recommended)

[ setup instructions ]

What it is: A phishing-resistant credential stored in the Authenticator app.

How it works:

  • Uses device-bound cryptographic keys
  • You authenticate using:
    • Face ID / fingerprint / phone PIN

Key benefits:

  • No password required
  • Strongest protection against phishing
  • Credential never leaves your device

Best for:

  • Users with access to sensitive data

 

Passwordless Phone Sign-In

[ setup instructions ]

What it is: Sign in without entering your password, using the app.

How it works:

  • Enter your username only
  • Approve sign-in via Authenticator (push + biometric/PIN)

Key benefits:

  • Eliminates password use entirely
  • Reduces phishing risk

Best for:

  • Users with access to sensitive data who cannot use a passkey

 

Push Notification with Code

[ enabled by default ]

What it is: A notification is sent to your phone during sign-in.

How it works:

  • You approve the sign-in request in the mobile app with number matching
  • Notification includes app name and location info
  • May require biometric confirmation

Best for:

  • Regular users' daily use
  • Easy and fast approval
  • Preventing accidental approvals
  • Reducing “MFA fatigue” attacks

 

Verification Code (TOTP)

[ enabled by default ]

What it is: The app generates a 6-digit code (Time-based One-Time Password) that refreshes every ~30 seconds.

How it works:

  • Open Authenticator to retrieve current code
  • Enter the code manually when prompted on the device where you are signing in

Best for:

  • Offline use of your mobile device

 

 
