Microsoft has been slowly rolling out new security settings for Microsoft 365 users starting October 2022. You may have been prompted to download and set up Authenticator but chose instead to press the 'skip for now...' button. There's no shame in that. Setting up Authenticator is not the most straightforward process, and some steps could be confusing. Additionally, Microsoft security policies are constantly evolving so what you experience on one day may not be repeated in a month. If your domain admin has not already set up multifactor authentication for you, you might be surprised one day when you get a pop up that says, “More information required”. This is a sign that you will need to follow the steps to set up multifactor authentication.
While it’s true that you can use any authentication app that you want for the moment. It seems likely that Microsoft will soon insist on users switching to Microsoft Authenticator as the only supported TOTP (temporary one-time password) application. So how do you set up Microsoft Authenticator? Read on for instructions.
Before you follow the steps you will need to download the app for your device. If you have already downloaded the app proceed to step 1.
To download the app for your smartphone for your please see the links below:
Step1. When prompted for ‘More information’ click ‘Next’
Step 2. You have a choice of how you will authenticate
a. If you want to be able to sign in using the fingerprint on your phone, choose ‘Receive notifications for verification’
b. If you would rather receive a new code each time you authenticate, choose ‘Use verification code’.
Step 4 Click ‘Setup’. A QR code will appear on your screen. Leave that window open and switch to your phone.
Step 5 (On your phone) Open the Authenticator app and select the ‘+’ sign to add your account.
Step 6 (On your phone) Chose ‘Work or school account’
Step 7 Scan the QR code displayed on your computer with the Authenticator app. Select the ‘got it’ button to return to the main page of the authenticator app
Step 8 On your computer Click ‘Next’, and ‘Next’ again
Step 9 On your computer you will be prompted to display the code from the authenticator app. Enter it in the box and select ‘verify’ Step 10 enter a mobile phone number as a backup means of authentication. (if you have already done this then you will not be prompted to do it again.
You can also see the steps in actions in this Microsoft video.
We all need to do a little more to keep our accounts secure. Microsoft's security changes can be painful for users who are not prepared for them. When you compare that pain with the pain of having your account compromised, and your funds diverted in a phishing campaign against your clients it's easier to see how taking these proactive steps makes sense.
Social media accounts are also under heavy attack from cyber criminals that want to use them for their own means. You can find out more about how to secure your social media accounts in my article linked here.