Using the Microsoft 365 Authenticator app to verify your login

1. When trying to use Microsoft Office 365, either through a web browser, mobile app, or desktop application, you might be prompted to complete MFA before being allowed to access your account.
2. Before the MFA prompt, you might be prompted to log in to Office365. If you are, do so as normal using your Cardiff University email address and password.
   • Those without a Cardiff University email address (and only a username) will need to enter the username followed by ‘@cardiff.ac.uk’.
3. You will be notified that this sign-in attempt needs further approval through MFA, and that Microsoft have sent a notification to the smartphone upon which you previously set up the Microsoft Authenticator app.
4. Your smartphone should then show a pop-up notification (or message on the lock screen), from the Microsoft Authenticator app, asking you to enter the two digits that are displayed and click yes. If you have not asked for this, select 'No, this is not me'
5. If the Microsoft Authenticator app lock is active, you will need to enter your smartphone unlock code, or biometric (such as fingerprint or face recognition) before your response will be accepted.
6. If for some reason you are not able to respond to the notification in a timely manner, you will be offered another chance by clicking send another request to my Microsoft Authenticator app.

1. If you are prompted to complete MFA using your default method (phone call or browser extension), and instead you want to use the Microsoft Authenticator app that you have previously set up, you can click on sign in another way. Or click on the left-pointing arrow found to the left of your email address.
2. You will then be presented with a set of options on how to complete MFA. The exact options will depend upon which MFA methods you have previously configured.

Important: It is highly recommended that you set up several methods of completing MFA to ensure you can still access your account should you encounter difficulties with one of the methods.

3. To use the Microsoft Authenticator app, click on Approve a request on my Microsoft Authenticator app.

If you have configured another MFA method (such as an automated phone call or a different authenticator application) as your default method, you can alter this to make the Microsoft Authenticator app the default.

1. To start the process, use a web browser to navigate to https://aka.ms/mfasetup.
2. You will be prompted to log in to Office365 using your Cardiff University email address and password. You might be challenged to complete MFA using one of the methods you have already set up.
   • Those without a Cardiff University email address (and only a username) will need to enter the username followed by ‘@cardiff.ac.uk’.
3. After successfully logging in, you will be taken to the My Sign-ins page where you can review the MFA methods you have already set up so far. Next to Default sign-in method: click on Change.
4. Pick Microsoft Authenticator – notification from the list of options.
5. The default sign-in method will now show Microsoft Authenticator – notification.

Important: Before you remove your account from the app, ensure that either you have set up the Microsoft Authenticator app on another smartphone and confirmed that it is functioning correctly with your account, or that you have other methods of completing MFA already set up and confirmed as working. Otherwise you will find that you cannot complete MFA and will be locked out of your account.

1. If you want to rename the entry for your account within the Microsoft Authenticator app, open the app on your smartphone, tap into your Cardiff University account, and then tap on the cog icon in the top right hand corner of the screen.
2. Tap account name to be able to enter a new description for how the app will refer to the account. Note this only affects how the Microsoft Authenticator app lists this account on your smartphone.
3. If you need to remove this account from the Microsoft Authenticator app completely (for example because you need to undertake set up again on this or a different smartphone) tap on remove account. If you understand the consequences of continuing (see note below), and are happy to proceed, tap as appropriate to confirm.

Important: Phone sign-in has not been configured and enabled at Cardiff University. If you accidentally activate this function, it will change your MFA experience, but will not operate correctly and will result in errors.

1. If your MFA prompt asks you to tap a corresponding two-digit number on the Microsoft Authenticator app, or if you receive an error message indicating that Your company policy requires that you use a different method to sign in, then you need to deactivate Phone sign-in.
2. Open the Microsoft Authenticator app on your smartphone and tap into your Cardiff University account. Then tap Disable phone sign-in and confirm.
3. The app should now show Enable phone sign-in, indicating that phone sign-in has been successfully disabled.