Https //Aka.ms.mfasetup: MFA is an important part of online security that should not be ignored. Even if they know your password, they won’t be able to log in because a second factor, such as your cell phone, is necessary for Authentication. After you’ve set up MFA on your phone, you’ll only have to select “Approve” on a notification rather than typing a code as you might be used to with other MFA.
Please note that while we set up MFA on your phone, some of the procedures outlined below must be completed on a computer rather than on your phone. Pay close attention to the instructions because they will tell you exactly where to do each step.
Set up the MFA App Authenticator app on a new device for a certain Azure AD
With Multi-Factor Authentication, the danger of compromise is decreased by 99.9%. (MFA). As a result, making it available to all staff is an excellent idea. This article explains how to utilize the Microsoft Authenticator program on a smartphone to implement MFA with step-by-step instructions. If you wish to utilize MFA on a new device but don’t know how to follow the steps below.
My colleague Martina Grom (@magrom) spoke about the importance of multi-factor authentication at the Modern Workplace Conference Paris 2019 in December (MFA). Thank you, Martina, for inspiring me to write this piece. Our users routinely request adjustments to the MFA settings. So, without further ado, here’s a walkthrough on how to transfer MFA from one device to another. An example would be using an outlook.com account as a guest in a firm where MFA is enabled for all accounts.
Is there a way to change MFA settings on a fresh device for a certain Azure AD tenant?
You’ll need the Authenticator app to complete the steps to register your “new” device with the app if you don’t already have it installed on your “old” device. ‘In this example, I used both my old and new iPhones.’ Things might get tricky when a user’s account is a visitor in multiple Azure Active Directory domains. Some tenants demand MFA, while others believe it is unnecessary. I wanted to change the MFA settings for a certain tenant to a different device.
If purchasing a new phone, it’s time to update MFA
In previous postings, we discussed the advantages of MFA and Microsoft’s improved user experience. We can assume you have MFA in place for yourself and your end-users if you utilize the Microsoft Authenticator app as the default secondary way of authentication. Because that once-shiny cell phone is starting to show its age. It no longer lasts as long on a charge as it once did. There are a couple of too many imperfections on it. Your carrier will give you a wonderful new deal once you’ve chosen a new phone. What will happen to all of the Microsoft Authenticator accounts that were set up on the old phone is unknown.
How do you transfer files to the new phone?
Keep your old phone since it will make the transition to Microsoft Authenticator on your new phone go much more smoothly. The first step is to ensure sure the previous phone’s cloud backup is turned on. On iOS devices, cloud backup requires a personal Microsoft account as well as an iCloud account. Because the backups are saved in iCloud and Microsoft’s clouds, you can’t use this strategy if you’re switching from an iOS to an Android device or vice versa.
Keep in mind that you should not create any Microsoft authenticator accounts with your new phone just yet. If there are any problems, a backup will not operate. Check to determine if Cloud backup is working by enabling it. While you’re there, consider turning on App Lock. Every actual use of the Microsoft Authenticator software necessitates the entry of a fingerprint or pin (whatever is configured for your screen unlock security).
Migrating from Microsoft MFA to a new phone is a lengthy procedure
Log into the recovery account you created in the previous step. Disable Battery optimization while using the app on the new phone. When Battery optimization is set, the phone may prevent Microsoft Authenticator from performing background operations such as downloading email from an MFA-protected account. On some of the regained accounts, a red exclamation point and a message stating “Action required” may now show. A call to action is issued, along with the necessary notifications. These accounts will require further proof to authenticate your identity. On the org website, scan the QR code.
The new MFA’s installation and Use
If you’re familiar with the previous technique, select the Setup Authenticator app; if this is your first time using it, select + Add method. As you walk through, the QR code will appear on the screen. Scan the QR code with your new smartphone by clicking on the text “Action required.” You’ll be able to utilize your old phone’s Authenticator app with this new phone’s credential when you get a new phone.
MFA HOUSEKEEPING stands for Mastering the Art of Housekeeping
While you’re here, please take a moment to tidy up the surroundings. On the previous experience screen capture, there are three items for the “Authenticator app,” indicating that this account has three different MFA devices set up for it. Two of them are probably outdated devices that can be safely removed from the system. Before selecting Delete, double-check that the label next to your device is correct. You can uninstall the authenticator app from your phone. If you’re still unsure, you can typically find out by Googling the name of the gadget.
Now that you’re all set, double-check it! To log out of your account, go to this page. Close all of your browsers after opening a new one and returning to a page that requires MFA. You can use https://portal.office.com or https://aka.ms/MFASetup, which are both safe options. Signing in and answering the MFA question is all that is required for authentication. As a result, providing customers with a variety of choices is a good idea. “However, Jan, SMS is no longer safe; it’s easy to manipulate!” Of course, this is correct, but keep in mind the following:
User Contentment
The end-user experience of the integrated registration portal is critical. Some organizations are having trouble making MFA (and SSPR) accessible to all employees, and I’ll be honest: it’s not always easy. Even if the new registration wizard is quite user-friendly, there’s always the chance that people will get trapped. As a result, I propose that you give the user as many options for signing up as feasible.
What exactly am I trying to say?
If Security Defaults are enabled on your tenant, the Authenticator App is the sole way for individuals to join up. If all of your users had access to a new iPhone with plenty of storage, it wouldn’t be an issue. This isn’t always the case because many folks have outdated computers and even older software. This service will not work with any hardware that isn’t capable of installing the Authenticator software.
As a result, a simple SMS or phone call for onboarding is appropriate. More methods may be implemented in the future, but for the time being, let your users become accustomed to MFA. After that, I’d like to show you how to “customise” the registration portal’s end-user experience. Because there isn’t somewhere else to place it, I used air quotes. These parameters can be configured in numerous places, and each combination has different impacts on the user.
