Microsoft Authenticator

Configuring the Microsoft Authenticator

Microsoft has the most recent detailed steps with example images for configuring the authenticator app on their website. Below is a brief version of the steps outlined there.

You will need your mobile phone or tablet and a computer with access to the internet to configure the app. After configuring the app, you will be able to use the notification based verification when online or the one-time passcode (OTP) verification method when online or offline. 

Setting up the authenticator will require the Microsoft Authenticator app be installed on your mobile phone or tablet. It can be found in the Apple and Google Play app stores published by the Microsoft Corporation.  Microsoft has an app store portal that contains links to the app for both Android and iOS. 

After installing the app on your mobile phone or tablet, go to the My Account portal on your computer and sign in with your Western Universal account (username@wwu.edu). 

Select Security info on the left to access your existing authentication methods. The methods listed here will be used when you are prompted for MFA. Select + Add method then select Authenticator app then follow the prompts presented to finish setup on your mobile device or tablet. Following setup, you will want to set the authenticator app as your default sign-in method.

A video example from ATUS shows how to configure your account for MFA using the Microsoft Authenticator. 

If you need additional assistance with step by step instructions Microsoft has a support article with included screenshots here or you may reach out to the Help Desk

 

Using the Microsoft Authenticator with push notifications

If you have set up the Microsoft Authenticator app, you will see a notification pop up on your phone when signing into your universal account. In the notification you will be presented with a field to enter the number you see on your computer screen and the choices Yes or No, this isn't me. Enter the number displayed then Tap Yes to authenticate.

Please note that if your phone is in do not disturb mode, or if you have notifications for new apps silenced you may not receive the notification as expected.

Adding an Alternative Authentication Method

There are some situations where an alternative to the Microsoft Authenticator may be useful. The Alternative Authentication Methods knowledgebase article contains a list of additional methods that may be utilized as an authentication method. Some situations where these additional methods may be useful are for cases where using the Microsoft authenticator app online is not possible or practical or providing a backup means of authentication in the event your primary device is lost. 

NOTE: When You Receive a New Phone

When you receive a new phone through an upgrade or simply replacing your old phone you will need to register your new device to use the Microsoft Authenticator app. This new phone registration process for the is only needed for the Authenticator app. If you retain the same phone number, text message-based MFA codes do not require reconfiguration.

While many device upgrade and migration programs will transfer and automatically install apps for you, the configuration and registration of your Microsoft Authenticator may not be transferred despite being installed.

Registering a new phone or removing an existing phone will prompt for MFA authentication. 

While it is typically most convenient to have access to your old phone’s MFA app, in the event you do not have access to the app you may instead authenticate using a previously configured phone number via text or call. If your new phone has been activated with your previously configured MFA phone number, you may use it for the MFA prompt when updating your MFA sign-in methods.

If you do not have access to any previously configured MFA methods, for example, if your old phone was lost or stolen, please contact the ATUS Help Desk to be supplied a temporary access pass after verifying your identity.  This pass is a special, time-limited, and randomly generated, secondary password that can be used in place of your previously configured device to gain access to your account for the purpose of updating your MFA sign-in methods.

To register your new phone, please sign into your My Account portal and follow the same methods above, as if setting up the app for the first time. Microsoft has a video on the process that is 2 minutes long.

After registering your new phone, you may delete the old phone from your list of authentication methods then change the default sign-in method to your new phone from that same My Account portal.

A screenshot of the MFA sign in methods configured on an individual's Microsoft 365 account. The default sign-in method and old phone deletion options are highlighted.