
Step-by-Step Guide: Setting up MFA on a New Mobile Device

March 10, 2023 | March 25th, 2023 | Blog, Microsoft, Security

When you get a new phone, one of the tricky things can be getting MFA working on it. While we don’t recommend using text messaging for MFA codes as a usual practice because attackers can spoof your SIM card, this is one instance where it comes in handy, particularly if you had to hand in your old phone when you upgraded and no longer have access to it.

Before you give up your old phone:

Step 1: Set up your mobile phone number as a backup authentication method

  1. Log into Office.com in a browser
  2. Click on your account portrait in the upper right
  3. Click “View account”
  4. In the Security Info box, click “UPDATE INFO”
  5. Click on “+ Add sign-in method”
  6. Select Phone from the drop down and click Add
  7. Make sure the button “Text me a code” is selected and enter your phone number, then click Next
  8. Enter the code they send you. You can now use your phone as a backup code source.

Step 2: Remove your authenticator app on your old phone from Microsoft 365

  1. Still on the Security info page, click the “Delete” link next to Authenticator App. Confirm when it asks if you’re sure.
  2. Click the “Change” link up at the top where it says “Default sign-in method”
  3. Select Phone – Text and click Confirm
  4. Now text messages to your phone number are your default MFA method. Remember, we want to use this for as little time as practical because text messages are significantly less secure than using an authenticator app.

Once you get your new phone:

Step 3: Install authenticator on your new phone and register with Microsoft 365

  1. Download your authenticator app of choice. We recommend Microsoft Authenticator, available on the Apple and Google Play stores, but many password managers like 1Password can also provide One Time Password (OTP) codes.
  2. Go back to Office.com and sign in, using a text to your phone as MFA if asked.
  3. Click on your portrait in the upper right, then “View Account”
  4. In the Security Info box, click “UPDATE INFO”
  5. Click on “+ Add sign-in method”
  6. Select “Authenticator App” and click Add
  7. Follow the on-screen instructions to set up the app of your choice

Step 4: Set Authenticator as the default and remove your phone number

  1. Click the “Change” link up at the top where it says “Default sign-in method”
  2. Select “Authenticator app or hardware token – code” and click Confirm
  3. Click “Delete” next to Phone to remove your phone and prevent people from gaining access to your account with a cloned SIM card
  4. That’s it! Your account is now fully secure and ready to go using the authenticator app on your new phone for authentication.

Jeff Kirvin, PEI
