Author: Jess

Microsoft Authenticator: The Complete Guide for Business Users

Passwords alone are no longer enough. With phishing attacks, credential stuffing and brute force attempts hitting businesses every day, relying on a password is a bit like locking your front door but leaving the window wide open.

That is where multi-factor authentication (MFA) comes in. And Microsoft Authenticator is one of the simplest, most reliable ways to get it set up across your organisation.

This guide covers everything business users need to know: what it is, how it works, how to use it day to day, what to do when things go wrong, and how to stay safe from a growing threat called MFA fatigue.

What Is Microsoft Authenticator?

Microsoft Authenticator is a free app for iOS and Android that adds a second layer of security to your Microsoft 365 account (and many other services). When you log in, you are not just asked for your password. You also have to prove it is really you by approving a notification or entering a short code from the app.

That second step is what makes it so effective. Even if someone gets hold of your password, they still cannot get into your account without your phone.

The numbers are stark: Microsoft’s own research shows that enabling MFA blocks more than 99.9% of automated account compromise attacks. For any business using Microsoft 365, enabling it is not optional. It is essential.

How Microsoft Authenticator Works

There are two main ways the app proves your identity:

  • Push notifications: When you sign in, a notification pops up on your phone. It shows you the app you are signing into, your location and a two-digit number that matches what is shown on your screen. Tap Approve and you are in.
  • One-time codes (TOTP): The app generates a six-digit code that refreshes every 30 seconds. You type this code into the sign-in screen. Useful when you do not have mobile data or if push notifications are unavailable.

Both methods are far more secure than SMS codes, which can be intercepted. The Authenticator app works offline and is tied to your specific device, making it much harder to spoof.

Setting It Up

Getting started takes about five minutes. The short version:

  • Download the Microsoft Authenticator app from the App Store or Google Play
  • Sign into your Microsoft 365 account at mysignins.microsoft.com/security-info
  • Add a sign-in method and select Authenticator app
  • Scan the QR code shown on screen
  • Approve a test notification to confirm everything is working

For a full walkthrough with screenshots, see our step-by-step setup guide.

If you are rolling MFA out across a team, your IT admin can enforce it through Azure Active Directory Conditional Access policies, so users are prompted to set it up automatically on their next sign-in.

Using It Day to Day

Once it is set up, Microsoft Authenticator mostly stays out of the way. You will typically only see it when signing into a new device, after a period of inactivity, or when accessing something sensitive.

Here is what a normal sign-in looks like:

  • Enter your email and password as usual
  • A notification appears on your phone
  • Check the two-digit number matches what is on your screen
  • Tap Approve
  • Done. You are in.

The whole thing takes about five seconds. Once you get used to it, it becomes second nature.

Managing Authenticator: New Phone and Backup Methods

The biggest gotcha with any authenticator app is: what happens when you get a new phone, lose your device, or it breaks?

The good news is Microsoft has thought about this.

  • Cloud backup: Enable the backup option in the app settings. On Android this uses your Google account; on iOS it uses iCloud. If you get a new phone, you can restore your accounts during setup.
  • Add a backup sign-in method: Go to mysignins.microsoft.com/security-info and add a secondary method, such as a backup phone number or email. This gives you a fallback if you cannot access the app.
  • Temporary access pass: If your IT admin has enabled it, they can generate a short-term passcode that lets you sign in and re-register your new device without needing the old phone.

The biggest mistake people make is waiting until they are locked out to think about this. Set up your backup methods now, while you still have access.

Common Issues and How to Fix Them

  • Notification did not arrive: Check your phone is connected to the internet and that notifications are enabled for the app. You can also use the one-time code as a fallback.
  • Code says it is invalid: Make sure your phone’s clock is set to automatic time sync. TOTP codes are time-sensitive and drift of even 30 seconds can cause failures.
  • App is not showing accounts: If you reinstalled the app without restoring from backup, you may need to re-add your accounts. Contact your IT admin if you are unable to sign in.
  • Locked out completely: Your IT admin can reset your MFA registration in the Azure portal, or issue a Temporary Access Pass to get you back in.

MFA Fatigue: A Real and Growing Risk

There is one attack you need to know about: MFA fatigue, sometimes called MFA prompt bombing.

Here is how it works. An attacker has already obtained your password (perhaps from a data breach or phishing). They then attempt to sign in repeatedly, sending a flood of approval notifications to your phone. The hope is that you will eventually tap Approve out of frustration or confusion.

Several high-profile breaches have happened this way.

How to protect yourself:

  • Never approve a notification you did not initiate. If a request appears and you are not actively signing in, deny it immediately.
  • Check the number match. Microsoft now shows a two-digit code that must match between the app and the sign-in screen. This means you cannot accidentally approve a request from an attacker.
  • Report unexpected requests. If you start receiving repeated sign-in requests you did not trigger, tell your IT team straight away. It likely means your password has been compromised and needs changing.
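The "repeated sign-in requests you did not trigger" pattern is also something an IT team can look for in sign-in logs rather than waiting for a user to report it. The script below is an added example, not Microsoft or Pro Business code: it runs over a constructed log of push-prompt outcomes (the line format, field names, five-prompt threshold and ten-minute window are assumptions for this example) and flags a user who received a flood of denied or unanswered prompts, separately marking the worst case where an approval followed the flood.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events, not real tenant logs. One push prompt per line:
# UTC time, user, and how it ended ("approved", "denied", or "timeout" = never answered).
SAMPLE_EVENTS = """\
2024-05-01T08:00:05Z alice@example.com approved
2024-05-01T09:30:00Z carol@example.com denied
2024-05-01T22:14:02Z bob@example.com timeout
2024-05-01T22:14:40Z bob@example.com denied
2024-05-01T22:15:13Z bob@example.com timeout
2024-05-01T22:15:58Z bob@example.com denied
2024-05-01T22:16:31Z bob@example.com timeout
2024-05-01T22:17:09Z bob@example.com approved
"""

THRESHOLD = 5                   # non-approved prompts inside one window that count as a flood
WINDOW = timedelta(minutes=10)  # tuning assumptions for this example, not Microsoft defaults


def parse_events(text: str) -> list:
    """Turn the text log into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, result = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), user, result))
    return events


def detect_prompt_bombing(events: list, threshold: int = THRESHOLD,
                          window: timedelta = WINDOW) -> dict:
    """Flag users with `threshold` or more denied/unanswered prompts inside one `window`;
    approved_after_flood marks the case where the user eventually tapped Approve."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((ts, result))
    alerts = {}
    for user, items in by_user.items():
        items.sort()
        unapproved = [ts for ts, r in items if r != "approved"]
        start = 0
        flood_end = None
        for end, ts_end in enumerate(unapproved):
            while ts_end - unapproved[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flood_end = ts_end                        # extend as the flood continues
        if flood_end is not None:
            gave_in = any(r == "approved" and flood_end < ts <= flood_end + window
                          for ts, r in items)
            alerts[user] = {"unapproved_prompts": len(unapproved), "approved_after_flood": gave_in}
    return alerts
```

On the sample data only bob is flagged: five prompts he denied or ignored in under three minutes, followed by an approval, which is exactly the sequence that should trigger a password reset and a look at that session.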

Why Businesses in Manchester and Beyond Need This Now

Cyber attacks on small and medium businesses are increasing every year. Ransomware, business email compromise and account takeovers are not just problems for large corporations. They hit local businesses hard, often with no warning.

Enabling Microsoft Authenticator across your team is one of the most cost-effective security steps you can take. It costs nothing (the app is free), takes minutes to set up, and stops the vast majority of automated attacks in their tracks.

Need Help Rolling It Out?

If you would like support setting up MFA across your business, migrating to Microsoft 365, or reviewing your overall cyber security posture, the team at Pro Business are here to help.

Get in touch at support@pro-business.co.uk or give us a call. We work with businesses across Manchester and the North West, and we will get you sorted without the jargon.

How to Set Up Microsoft Authenticator: Step-by-Step Guide

If your IT team or Microsoft has prompted you to set up multi-factor authentication (MFA), this guide will walk you through the whole process in plain English. It takes about five minutes and you will only need your phone and a computer.

What You Will Need

  • Your smartphone (iPhone or Android)
  • A computer or laptop signed into your Microsoft 365 account
  • Your Microsoft 365 email address and password

Step 1: Download the Microsoft Authenticator App

On your phone, open the App Store (iPhone) or Google Play Store (Android) and search for Microsoft Authenticator. It is free and published by Microsoft Corporation. Download and install it.

Once installed, open the app. You will be shown a welcome screen. You do not need to do anything in the app just yet.

Step 2: Go to Your Microsoft Security Settings

On your computer, open a browser and go to:

mysignins.microsoft.com/security-info

Sign in with your work Microsoft 365 account if prompted. You will see a page called Security info showing your current sign-in methods.

Step 3: Add the Authenticator App

  • Click Add sign-in method
  • From the dropdown, choose Authenticator app
  • Click Add
  • Click Next on the screen that explains what the Authenticator app does
  • On the next screen, click Next again. Microsoft will now show you a QR code on your screen.

Step 4: Scan the QR Code

Now switch to your phone:

  • In the Microsoft Authenticator app, tap the + button (top right on iPhone, or the add icon on Android)
  • Choose Work or school account
  • Choose Scan a QR code
  • Point your phone camera at the QR code on your computer screen

The app will scan it automatically and add your account. You will see your name and email address appear in the app.

Step 5: Allow Notifications

When prompted on your phone, allow the Microsoft Authenticator app to send you notifications. This is how it will notify you when you need to approve a sign-in. Without notifications enabled, the app will not be able to send you approval prompts.

On iPhone: tap Allow when iOS asks about notifications.

On Android: tap Allow when prompted.

Step 6: Approve the Test Notification

Back on your computer, click Next. Microsoft will send a test notification to your phone to confirm everything is working.

  • A notification will appear on your phone
  • It will show a two-digit number. Check that number matches what is shown on your computer screen
  • Tap Yes or Approve on your phone

Your computer will confirm that the app is set up. Click Next and then Done. That is it. You are set up.

Using Microsoft Authenticator Day to Day

Once it is configured, here is what happens each time you sign in:

  • Enter your email and password as normal
  • A notification appears on your phone with a two-digit number
  • Check the number matches what is on your screen
  • Tap Approve
  • You are signed in

If you do not have mobile data or the notification does not arrive, open the Authenticator app and use the six-digit code shown under your account. Type that code into the sign-in screen instead. The code refreshes every 30 seconds.

Getting a New Phone

Before you get a new phone, do two things:

  • Enable cloud backup in the Authenticator app settings (Google account on Android, iCloud on iPhone)
  • Add a backup sign-in method at mysignins.microsoft.com/security-info, such as an alternative phone number

When you set up your new phone, install the Authenticator app and restore from your backup. Your accounts will be transferred. If you get stuck, your IT admin can reset your MFA registration so you can start fresh.

Need Help?

If you ran into any problems during setup, or if your business needs help rolling out MFA across the whole team, the Pro Business team are here for you.

Drop us an email at support@pro-business.co.uk and we will get you sorted. We support businesses across Manchester and the North West with Microsoft 365, cyber security and IT support.