
Signing in for the first time using Azure Multi-Factor Authentication

Published: May 20, 2013

Updated: March 23, 2015

The following sections provide guidance on signing in for the first time using Azure Multi-Factor Authentication. Additional security verification settings apply when an administrator has configured your account to require both your password and a response from your phone to verify your identity. If an administrator has configured your account to require additional security verification, you will be unable to sign in until you have completed the auto-enrollment process. During the enrollment process you will be able to specify your preferred method of verification.

  • Mobile Phone Call: Places an automated voice call to the Authentication phone. The user answers the call and presses # on the phone keypad to authenticate. This phone number will not be synchronized to on-premises Active Directory.

  • Mobile Phone Text Message: Sends a text message containing a passcode to the user. The user is prompted to either reply to the text message with the passcode or to enter the passcode into the sign-in interface.

  • Office Phone Call: Places an automated voice call to the user. The user answers the call and presses # on the phone keypad to authenticate.

  • Mobile App: Pushes a notification to the Multi-Factor mobile app on the user’s smartphone or tablet. The user taps “Verify” in the app to authenticate. Alternatively, the app can be used as an OTP token for offline authentication. The user enters the token into the sign-in screen to authenticate.

    The Multi-Factor Authentication app can operate in two different modes to provide the additional security of a multi-factor authentication service:

    1. Notification - In this mode, the Multi-Factor Authentication app prevents unauthorized access to accounts and stops fraudulent transactions. This is done using a push notification to your phone or registered device. Simply view the notification and if it is legitimate select Authenticate. Otherwise you may choose Deny or choose to deny and report the fraudulent notification. For information on reporting fraudulent notifications see How to use the Deny and Report Fraud Feature for Multi-Factor Authentication.

    2. One-Time Password - In this mode, the Multi-Factor Authentication app can be used as a software token to generate an OATH passcode. This passcode can then be entered along with the username and password to provide the second form of authentication.

    The Multi-Factor Authentication app is available for Windows Phone, Android, and iOS.

    Warning
    The Multi-Factor Authentication app functionality has now been added to the Azure Authenticator app for Android devices. The old MFA app will still work for Android devices, but going forward Azure Authenticator will replace this app. The Windows Phone and iOS versions are still in development and will be released shortly.



    To ensure that you are downloading the correct mobile app, use the links above and look for the following logo:



    Mobile App Icon
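
The One-Time Password mode described above produces an OATH passcode that the service has to check. The sketch below is an added example, not Microsoft's code: it assumes the time-based OATH variant (RFC 6238 TOTP over RFC 4226 HOTP) with SHA-1, a 30-second step and 6 digits, none of which the page specifies, and shows the server-side check with a clock-drift window and replay rejection. The secret is the published RFC test key, and `verify` and `last_used` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the published RFC 4226/6238 test key,
# not a real enrollment secret.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret, submitted, unix_time, last_used=-1,
           step=30, window=1, digits=6):
    """Return the matched time-step counter, or None if the code is rejected.

    Accepts codes from +/- `window` steps to tolerate clock drift, and
    rejects any step at or before `last_used` so a code cannot be replayed.
    The caller stores the returned counter as the new `last_used`.
    """
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return None
    now = int(unix_time) // step
    matched = None
    for counter in range(now - window, now + window + 1):
        if counter < 0 or counter <= last_used:
            continue
        # Constant-time comparison; keep looping so timing does not
        # reveal which step matched.
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step late:", verify(SAMPLE_SECRET, code, 89))
    print("replayed:", verify(SAMPLE_SECRET, code, 89, last_used=1))
```
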

Important
Downloadable versions of the enrollment process are available for both enrolling using a mobile phone as your contact method and enrolling using a mobile app as your contact method. These can be downloaded and printed and used for quick reference as you complete the enrollment process.

The following sections walk through how to set up each of the contact methods outlined above.

The following will walk you through setting up multi-factor authentication to use your mobile phone for either a call or text as your contact method.

  1. Select Authentication Phone from the drop-down.

  2. Specify your country from the drop-down.

  3. Enter your mobile phone number in the box next to country.

  4. Select the mode you would prefer to use with your mobile phone.

    • Text – select the Send me a code by text message radio button. This is selected by default.

    • Call – select the Call me radio button.

  5. Click Next.

configure page

  1. Click the Verify Now button. This will initiate a call to your mobile phone. Be sure to have it with you. Depending on the mode you selected, Text or Call, your response will be different.

  2. If you selected the text mode, a 6-digit code will be texted to you. Enter this code in the box that is displayed in the browser.

    Text response to verification

  3. If you selected the call mode, you will receive a phone call. Respond to the call using the # sign on your phone.

    Calling you

  4. At this point, your verification should be successful. Click Next.

    Verification Successful

  1. At this point, you have set up your contact method and now it is time to set up app passwords for non-browser apps such as Outlook. If you are using non-browser apps such as Outlook, click generate app password. Otherwise, click I don’t use this account with these apps.

    Important
    Microsoft is currently in the process of updating the Office 2013 client applications to support Multi-Factor Authentication through the use of the Active Directory Authentication Library (ADAL). These updates will be coming to various Office 2013 clients over the next several months.

    This will mean that once these updates are available, app passwords will no longer be required for Office 2013 clients. However, until these updates are available, app passwords will still be required.

    Currently the following Office 2013 clients no longer require the use of app passwords:

    • Office 2013 for iOS

    • Office 2013 for OS X

    For additional information on these updates see: Office 2013 updated authentication enabling Multi-Factor Authentication and SAML identity providers

    Add App Passwords

  2. This will bring up a password for your non-browser app. Click copy to clipboard.

    app password

  3. Click done.

  4. This example uses Outlook. If Outlook is open, close it and then re-open it. When Outlook attempts to connect to your Office 365 account, you will get a username and password box.


  5. Paste the password that was copied to the clipboard into your non-browser application. For steps on individual applications such as Outlook and Lync see How to change the password in your email to the app password and How to change the password in your application to the app password.

The following will walk you through setting up multi-factor authentication to use your office phone for a call as your contact method.

  1. Select Office Phone from the drop-down.

  2. Specify your country from the drop-down.

  3. Enter your mobile phone number in the box next to country.

  4. Click Next.

add office phone

  1. Click the Verify Now button. This will initiate a call to your office phone. Be sure to be near it.

  2. You will receive a phone call. Respond to the call using the # sign on your phone.

  3. At this point, your verification should be successful. Click Next.

    Verify Office Phone

  1. At this point, you have set up your contact method and now it is time to set up app passwords for non-browser apps such as Outlook. If you are using non-browser apps such as Outlook, click generate app password. Otherwise, click I don’t use this account with these apps.

    Important
    Microsoft is currently in the process of updating the Office 2013 client applications to support Multi-Factor Authentication through the use of the Active Directory Authentication Library (ADAL). These updates will be coming to various Office 2013 clients over the next several months.

    This will mean that once these updates are available, app passwords will no longer be required for Office 2013 clients. However, until these updates are available, app passwords will still be required.

    Currently the following Office 2013 clients no longer require the use of app passwords:

    • Office 2013 for iOS

    • Office 2013 for OS X

    For additional information on these updates see: Office 2013 updated authentication enabling Multi-Factor Authentication and SAML identity providers

    Add App Passwords

  2. This will bring up a password for your non-browser app. Click copy to clipboard.

    app password

  3. Paste the password that was copied to the clipboard into your non-browser application. For steps on individual applications such as Outlook and Lync see How to change the password in your email to the app password and How to change the password in your application to the app password.

  4. If you need additional app passwords, click I’ll need more app passwords. Otherwise, click done.

The following will walk you through setting up multi-factor authentication to use your mobile phone app as your contact method. You should ensure that you have downloaded and installed the Multi-Factor Authentication app on your phone prior to attempting this walkthrough. The Multi-Factor Authentication app is available for Windows Phone, Android, and iOS.

Warning
Please be aware that these are the only mobile apps that are supported to work with Azure Multi-Factor Authentication. Authenticator for Microsoft accounts is not supported for use with Azure Multi-Factor Authentication.

To ensure that you are downloading the correct mobile app, use the links above and look for the following logo:

Mobile App Icon

  1. Select Mobile App from the drop-down.

  2. Click Configure.

    Mobile App as contact method

  3. On the phone that has the Multi-Factor Authentication app installed, launch the app.

  4. On the phone that has the Multi-Factor Authentication app, click the + sign to add a new account.

    authenticate

  5. Scan the barcode picture that came up with the configure mobile app screen.

  6. On the phone with the Multi-Factor Authentication app, a 6-digit code should be displayed. Once you see this, click the check mark button on the configure mobile app screen.

    Warning
    Be aware that if you are unable to scan the barcode, you can enter the code and URL manually. Simply enter the code and URL from the configure app screen into the code and URL boxes on the Multi-Factor Authentication app.

  7. Click done. This will start an activation status check. Once this completes, the screen should say Mobile app has been configured. Click Next.

    configure mobile app

  1. Click the Verify Now button. This will initiate a notification being sent to your mobile phone. Be sure to have it with you.

  2. On your mobile phone, once you receive the notification, click Verify.

    Notification

  3. It should now say that you have successfully completed the sign-in. Click Close.

    mobile app click close

  4. At this point, your verification should be successful. Click Next.

    Verification Successful

  1. At this point, you will need to enter your mobile phone number in case you lose access to your mobile app.

    Enter mobile number

  2. Specify your country from the drop-down.

  3. Enter your mobile phone number in the box next to country.

  4. Click Next.

  1. At this point, you have set up your contact method and now it is time to set up app passwords for non-browser apps such as Outlook. If you are using non-browser apps such as Outlook, click generate app password. Otherwise, click I don’t use this account with these apps.

    Important
    Microsoft is currently in the process of updating the Office 2013 client applications to support Multi-Factor Authentication through the use of the Active Directory Authentication Library (ADAL). These updates will be coming to various Office 2013 clients over the next several months.

    This will mean that once these updates are available, app passwords will no longer be required for Office 2013 clients. However, until these updates are available, app passwords will still be required.

    Currently the following Office 2013 clients no longer require the use of app passwords:

    • Office 2013 for iOS

    • Office 2013 for OS X

    For additional information on these updates see: Office 2013 updated authentication enabling Multi-Factor Authentication and SAML identity providers


  2. This will bring up a password for your non-browser app.

    app password

  3. In this example we will be adding the app password to our email on our Windows 8 mobile phone, so we do not copy to the clipboard. Leave the password on the screen and on your phone go to Settings.


  4. Click on email+accounts.


  5. Click on Microsoft account.


  6. Enter the password in the box and click the checkmark. For steps on individual applications such as Outlook and Lync see How to change the password in your email to the app password and How to change the password in your application to the app password.


  7. If you need additional app passwords, click I’ll need more app passwords. Otherwise, click done.

© 2015 Microsoft