111
How to Set Up Microsoft Authenticator for Multi-Factor Authentication (MFA)
This guide walks you through downloading, installing, and configuring the Microsoft Authenticator app to secure your account with multi-factor authentication (MFA). This applies to any account that supports TOTP-based authenticator apps or Microsoft's push notification flow.
Prerequisites
- A smartphone running iOS 16.0+ or Android 8.0+
- Access to the account you want to protect (admin portal, Microsoft 365, or your company's app)
- A stable internet connection on both your phone and computer
Steps
Download the Microsoft Authenticator App
On your mobile device, download the app from the appropriate store:
- iPhone/iPad: App Store — Microsoft Authenticator
- Android: Google Play — Microsoft Authenticator
Open the app once installed.
Begin MFA Setup in Your Account
On your computer or browser, navigate to your account's security settings. The exact path varies by platform:
| Platform | Path |
|---|---|
| Microsoft 365 / Azure AD | aka.ms/mfasetup → Add sign-in method |
| Company/IT portal | Settings → Security → Two-Factor Authentication |
Click Add sign-in method (or Set up authenticator app, depending on your portal), then select Authenticator app from the list.
Scan the QR Code
Your screen will display a QR code. On your phone:
- Open the Microsoft Authenticator app.
- Tap the + (plus) icon in the top-right corner.
- Select Work or school account (for company/Microsoft 365 accounts) or Other account (for personal/third-party accounts).
- Tap Scan a QR code and point your camera at the QR code on your screen.
Can't scan the QR code? Tap Can't scan image? on your computer — you'll get a manual code you can enter instead.
You should see a new entry appear in the Authenticator app with a rotating 6-digit code.
Verify the Setup
Back on your computer, click Next. You'll be prompted to verify the connection works:
- If using push notifications: Approve the test notification that appears on your phone.
- If using a one-time code (TOTP): Enter the 6-digit code currently displayed in the app.
Click Verify or Done to complete the setup.
Verify It Worked
Sign out of your account and sign back in. After entering your password, you should be prompted to approve the login via Microsoft Authenticator (either a push notification or a code entry). If you see this prompt, MFA is working correctly.
Common Issues
"I didn't receive a push notification" Ensure your phone has an internet connection and that notifications are enabled for the Authenticator app. Go to your phone's Settings → Notifications → Microsoft Authenticator and confirm alerts are allowed.
"My code is invalid or expired" TOTP codes rotate every 30 seconds. Make sure your phone's date and time are set to automatic/network time. A clock mismatch is the most common cause of invalid codes.
"I lost my phone / got a new phone" If you no longer have access to your old device, contact your IT administrator or account support team to reset your MFA and re-enroll. For personal Microsoft accounts, use a backup method (email or phone) via account.microsoft.com/security.
"The QR code won't scan" Ensure your camera lens is clean and the QR code fills most of the frame. If scanning still fails, use the manual entry code (see Step 3 above).
Related Articles
- How to Reset or Change Your MFA Method
- Troubleshooting: Locked Out of Your Account After Enabling MFA
- How to Set Up Backup Authentication Methods
- Supported Authentication Apps for [Your Product Name]
