Using the Microsoft 365 Authenticator app

Complete Multi-Factor Authentication (MFA) using the Microsoft Authenticator app previously installed and set up on your smartphone.

To print this document, go to File and select Print (Control+P in Windows or Command+P in Mac). You can also choose to save as PDF file from there. Note: Scroll to the bottom of this page to ensure all images are printed.

Being notified

1. When trying to use Microsoft Office 365 through a web browser, mobile app, or desktop application, you might be prompted to complete MFA before being allowed to access your account.
2. Before the MFA prompt, you might be prompted to log in to Office365. If you are, do so as normal using your Cardiff University email address and password.
   • Those without a Cardiff University email address (and only a username) must enter the username followed by ‘@cardiff.ac.uk’.
3. You will be notified that this sign-in attempt needs further approval through MFA and that Microsoft has sent a notification to the smartphone on which you previously set up the Microsoft Authenticator app.
4. Your smartphone should then show a pop-up notification (or message on the lock screen) from the Microsoft Authenticator app asking you to enter the two digits displayed and click Yes. If you have not been asked for this, select No, it's not me.

5. If the Microsoft Authenticator app lock is active, you will need to enter your smartphone unlock code, or biometric (such as fingerprint or face recognition) before your response will be accepted.
6. If you are unable to respond to the notification in a timely manner, you will be offered another chance by clicking Send another request to my Microsoft Authenticator app.

Using MFA when offline

Signing in with the Authenticator app as an alternative method

1. If you are prompted to complete MFA using your default method (phone call or browser extension), and instead you want to use the Microsoft Authenticator app that you have previously set up, you can click on sign in another way. Or click on the left-pointing arrow found to the left of your email address.

2. You will then be presented with a set of options on how to complete MFA. The exact options will depend upon which MFA methods you have previously configured.

It is highly recommended that you set up several methods of completing MFA to ensure you can still access your account should you encounter difficulties with one of the methods.

3. To use the Microsoft Authenticator app, click on Approve a request on my Microsoft Authenticator app.

Setting the Microsoft Authenticator app as the default method

If you have configured another MFA method (such as an automated phone call or a different authenticator application) as your default method, you can alter this to make the Microsoft Authenticator app the default.

1. To start the process, use a web browser to navigate to https://aka.ms/mfasetup.
2. You will be prompted to log in to Office365 using your Cardiff University email address and password. You might be challenged to complete MFA using one of the methods you have already set up.
   • Those without a Cardiff University email address (and only a username) must enter the username followed by ‘@cardiff.ac.uk’.
3. After successfully logging in, you will be taken to the My Sign-ins page where you can review the MFA methods you have already set up so far. Next to Default sign-in method: click on Change.

4. Pick Microsoft Authenticator – notification from the list of options.

5. The default sign-in method will now show Microsoft Authenticator – notification.

Renaming and removing your account

1. If you want to rename the entry for your account within the Microsoft Authenticator app, open the app on your smartphone, tap into your Cardiff University account, and then tap on the cog icon in the top right hand corner of the screen.

2. Tap Account name to be able to enter a new description for how the app will refer to the account. Note this only affects how the Microsoft Authenticator app lists this account on your smartphone.
3. If you need to remove this account from the Microsoft Authenticator app completely (for example because you need to undertake set up again on this or a different smartphone) tap on Remove account. If you understand the consequences of continuing (see note below), and are happy to proceed, tap as appropriate to confirm.

Before you remove your account from the app, ensure that you have set up the Microsoft Authenticator app on another smartphone and confirmed that it is functioning correctly with your account or that you have other methods of completing MFA already set up and confirmed as working. Otherwise, you will find that you cannot complete MFA and will be locked out of your account.

Exiting phone sign-in

Phone sign-in has not been configured and enabled at Cardiff University. If you accidentally activate this function, it will change your MFA experience but will not operate correctly, resulting in errors.

1. If your MFA prompt asks you to tap a corresponding two-digit number on the Microsoft Authenticator app or if you receive an error message indicating that Your company policy requires that you use a different method to sign in, then you need to deactivate phone sign-in.

2. Open the Microsoft Authenticator app on your smartphone and tap into your Cardiff University account. Then tap disable phone sign-in and Confirm.
3. The app should now show enable phone sign-in, indicating that phone sign-in has been successfully disabled.