61
This section aims to inform you about the different Multi-Factor Authentication (MFA) options available for Microsoft 365 Single Sign-On, as well as the anticipated sign-in experience. By understanding these options and choosing the one that best suits your needs, you can simplify the set-up process.
Your sign-in experience for MFA-protected resources will vary based on the authentication method you choose. Options include the Microsoft Authenticator app (recommended), a phone call, or a text message with a code.
Below you will find several MFA verification methods and the expected sign-in experience.
Sign in experience with the Microsoft Authenticator app (recommended for MFA)
Sign in experience with a phone call
Sign in experience with a text message
Sign in experience with an alternate method
To sign in using the Microsoft Authenticator app via push notification:
1. Sign in to an M365 application or service with your username and password.
2. Microsoft will send a notification to your Microsoft Authenticator app.
3. Open the notification on your phone and select "Verify." You will then be signed in.
Note: If your mobile device supports enhanced biometric features, such as Face ID or Fingerprint ID, you may be prompted to use these for additional verification. This feature is optional and provides an extra layer of security to your M365 sign-in process.
Starting February 27, 2023: When responding to an MFA push notification, the Microsoft Authenticator app will present a number. You must enter this number in the app to complete the sign-in. This "Number Matching" feature enhances the security of traditional second-factor notifications.
Signing in with a Verification Code via Microsoft Authenticator App
If you use the Microsoft Authenticator app for verification codes, you’ll see a number under your account name when you open the app. This code updates every 30 seconds to ensure a unique code each time. When prompted for a verification code, simply open the app and enter the code displayed.
Steps to Sign In:
- Sign in to an M365 application or service with your username and password.
- Microsoft will prompt you for a verification code.
- Open the Microsoft Authenticator app on your phone and locate the IVCC code.
- Enter the current code in the designated box on the sign-in page.
Here’s how the two-step verification process works when using a phone call to your mobile or office number:
1. Sign in to your Microsoft 365 application or service with your username and password.
2. Microsoft will place a call to the phone number you have on file.
3. Answer the call and simply press the # key to complete the verification process.
To complete two-step verification using a text message on your mobile phone:
Sign in to your Microsoft 365 application or service with your username and password.
Microsoft will send a text message to your phone containing a verification code.
Enter the verification code in the designated field on the sign-in page to complete the process.
If you don't have access to the phone or device you set as your preferred verification method, it's important to have backup options set up for your account. The next section explains how to sign in using an alternate method if your primary one is unavailable. Keep in mind that the exact wording you see may vary depending on the Multi-Factor Authentication (MFA) method you've selected as your default.
1. Sign in to a Microsoft 365 application or service with your username and password.
2. Select a link such as "Use a different verification option," "Sign in another way," or "I can't use my Microsoft Authenticator app right now." The options available will depend on the methods you've set up.
3. Choose an alternate method and complete the sign-in process.
