Setting Up MFA For A New User

MFA is required in a lot of places. In this document, I will show you how to get started, how to reset your MFA, and some details about the most popular authenticators.

Setting Up MFA For A New User

Multi-factor authentication is used in many organizations. It increases your security and protects you against others trying to gain access to your applications. It also protects the company, so it is very important. This article will focus on using phones as the second factor for individuals.

Download The Apps

Go to your app store on your phone and download your authenticator of choice. I will use Microsoft’s app in this example, but Google has an excellent authenticator as well. The apps are called “Microsoft Authenticator” and “Google Authenticator”. They look different on the inside but serve the same function. Later in this document, I will go over each one in more detail.

Enrolling

Here are the steps to enroll using Microsoft Authenticator. I go over each item in more detail in case it is needed by a first time user.

  • Download Microsoft Authenticator from app store on your phone

  • Go to Office.com and log in with your work email and password

  • Follow the prompts until you can add an account

  • Select work or school

  • Follow more prompts until you see a QR code

  • Scan the QR code with your phone camera

  • Hit approve when asked then select done.

If you want more in-depth instructions, keep reading. In our organization, we want to go to Office.com and log in with your work email and use your work password when asked. In the “More information required” page, you will just hit next. When you are asked to “add an account”, you will select “Work or School”. Follow the prompts and you will eventually see a QR code to scan with your phone. Open up your phone camera and place QR code in the middle and fill the shot if needed. You should get a notification on your phone, just hit “Approve”. Follow any other prompts and then select “Done” when you see it. You are now enrolled in MFA with Microsoft Authenticator.

Resetting MFA

If a user changes their phone, they will need to reset their MFA. The user cannot do this on their own. From the IT side, we will have to change some settings.

  • Go to portal.azure.com

  • Search for user

  • Select authentication methods

  • Select Revoke MFA

  • Select Re-register MFA

If you need more detailed instructions, those follow now. The first thing we want to do is go to portal.azure.com and log in with our credentials when asked to. Search for the user in question. On the left sidebar, select “Authentication Methods”. On the top bar, select “Revoke MFA Sessions” and then “Require Re-register MFA”. Now, the user can enroll on their new phone using the instructions at the beginning of this document.

Using The Microsoft Authenticator App

This is a free app from Microsoft and should be in every app store. We can use it for personal or work uses. The purpose of an authenticator app is to prove who you are. This is done by giving information that only you would have access to. It is also useful because you can use it to log in without a password.

It works pretty simply. When you log into an account that is set up, it will ask you to approve the sign in or provide a numerical code for authentication. Your authenticator app will provide this code, so it is easy to find. You just input it where the account asks you to.

When setting up, you can use your Microsoft email or even a third party email from your work. After you log in for the first time, they will ask you to log in with a code. Usually, we do this by text because you already have the app downloaded on your phone. It is super easy this way. After this is done, the app is linked to your account.

If it is not a Microsoft account, then you will hit the three dots button and select “Add Account”. Next, you will select “Other Account”. Go back to the third-party site where you created an account and tell it you want to use an application for MFA. It will give you either a QR code or a numerical code to enter. Name this account in a way that makes sense to you and you are all set.

The Microsoft Authenticator can do even more. You can also use it to autofill passwords and payment information. Just open the app and go to the tab you want to work in. An example is the payments tab. You just fill in your information.

Using The Google Authenticator App

This app works similarly to the Microsoft app. For MFA, it is an excellent alternative. You would use this if you prefer to keep all your apps to one vendor, like Google. It will let you use MFA with a code or just the application, where you hit approve to give access.

One thing to note here, to use an authenticator app, the website has to support its use. Usually, it creates a QR code to connect the app on your phone to the site.

It will be in your app store under “Google Authenticator”. Download and install the app. Close the app and open a browser on your computer. You will then log into your Google account. Use your Google email and password here. Under your account, select the “Sign in and Security” section. Look down the page and select “2-Step Verification”. Make sure it is turned on because this is essential to the app functioning.

Under the “Authenticator App” section, select “Set Up”. Choose whether you have an Apple or Android phone. You will then hit next and when a QR code appears, scan it with your phone camera. That is the easiest way to set things up. You can also use a code, just input it when asked to. Your new Google Authenticator app will generate the code for you.

Now, go to the app again and hit the big “plus” button. Scan the QR code the site generated for you.

Conclusion

In this document, we talked about what MFA is and why you need it. Then I showed you how to enroll using the Microsoft Authenticator. Resetting MFA is easy as well, but takes an IT member to perform. If you need to do this, just ask one of them. Finally, I talked about an alternative, the Google Authenticator. It does MFA just as well. I talked about how to set it up and add an account.