Home / Software / Microsoft / Microsoft Teams / How to Set Up Microsoft Authenticator for Teams MFA

How to Set Up Microsoft Authenticator for Teams MFA

How to Set Up Microsoft Authenticator for Teams MFA

Microsoft Authenticator is the recommended app for securing your Microsoft Teams and Microsoft 365 account with multi-factor authentication (MFA). Once set up, it generates a six-digit code or sends an approval notification when you sign in — adding a second layer of security beyond your password. This guide covers the full setup process for both Android and iPhone.

What You Need Before Starting

Before you begin, make sure you have the following:

  • A Microsoft 365 work or school account with MFA enabled by your administrator, or a personal Microsoft account
  • An Android phone or iPhone
  • Access to your account on a computer or a second device to complete the initial setup

If you are on a work account, your IT administrator will usually have already enabled MFA enforcement. You may have been prompted to set it up the next time you signed in to Teams or Outlook. If you have not been prompted yet, you can begin the process manually at aka.ms/mfasetup.

Step 1: Install Microsoft Authenticator

Download the app to your phone before starting the setup process on your computer.

  • Android: search for Microsoft Authenticator in the Google Play Store and install it
  • iPhone: search for Microsoft Authenticator in the Apple App Store and install it

Open the app once installed. You will see an option to add an account — leave this for now and continue setup on your computer first. The app needs to be open and ready when you reach the QR code step.

[Screenshot: Microsoft Authenticator app home screen showing the Add account prompt]

Step 2: Add Your Microsoft 365 Account

On your computer, navigate to aka.ms/mfasetup and sign in with your Microsoft 365 work, school, or personal account. If you are prompted during a Teams or Outlook sign-in, follow the same steps from the prompt.

  1. Click Add method and select Authenticator app from the list
  2. Choose Microsoft Authenticator when asked which app you are using
  3. On the next screen, a QR code will appear on your computer display

Now switch to your phone:

  1. In the Authenticator app, tap the + icon or Add account
  2. Select Work or school account
  3. Choose Scan a QR code
  4. Point your phone camera at the QR code displayed on your computer screen

The app will scan the code automatically — no need to press a button. Your account will appear in the app list within a few seconds.

[Screenshot: QR code displayed on Microsoft security setup page on a desktop browser]

Step 3: Complete the Verification Test

After the QR code is scanned, Microsoft will send a test notification to your phone to confirm the link is working correctly.

  1. A push notification will appear on your phone — tap Approve
  2. Back on your computer, the setup will confirm the verification was successful
  3. Click Done to finish

Setup is now complete. Your account is protected with MFA via Microsoft Authenticator.

How MFA Works After Setup

Once Authenticator is configured, every sign-in to Teams, Outlook, SharePoint, or any other Microsoft 365 app will require a second step.

Push notification method: enter your email address and password as normal, then wait for a notification on your phone. Tap Approve to complete sign-in. This is the quickest method and works as long as your phone has an internet connection.

One-time code method: open the Authenticator app and enter the six-digit code shown next to your account. Codes refresh every 30 seconds. Use this method if your phone does not have internet access at the time of sign-in — the codes are generated locally and do not require a connection.

Both methods are equally secure. Most users find the push notification faster for day-to-day use.

Device Health Warning: What It Means

Microsoft Authenticator checks the security state of your device when you set it up or use it. On Android in particular, you may see a warning that your device does not meet security requirements or has been compromised. This can prevent the app from working correctly.

Common causes include:

  • Developer Options enabled — go to Settings → System → Developer Options and turn them off
  • USB Debugging enabled — found inside Developer Options, switch it off
  • Sideloaded apps installed — any APK installed from outside the Play Store can trigger this warning; uninstall the app in question
  • Install unknown apps permission active — go to Settings → Apps → Special app access → Install unknown apps and revoke the permission from any app that has it

After resolving the underlying cause, clear the Authenticator app cache: Settings → Apps → Microsoft Authenticator → Storage → Clear Cache. Restart your phone, then open Authenticator again. The warning should be gone.

If the warning persists and you cannot identify the cause, contact your IT administrator — some organisations use mobile device management (MDM) policies that may be contributing to the issue.

If You Lose Access to Your Authenticator App

Losing your phone without a backup in place can lock you out of your Microsoft 365 account. Here is what to do depending on your situation:

Work or school account: contact your IT administrator. They can reset your MFA settings from the Microsoft 365 admin centre, which will allow you to register a new device next time you sign in.

Personal Microsoft account: visit account.microsoft.com and use an alternative verification method such as a backup email address, phone number, or a recovery code if you saved one during setup.

It is worth asking your IT team what the recovery process is before you need it — particularly if you travel frequently or are likely to replace your phone.

Setting Up Authenticator on a New Phone

Before switching phones, enable cloud backup in the Authenticator app:

  • Android: tap the three dots → Settings → Cloud backup → enable it
  • iPhone: tap the three dots → Settings → iCloud backup → enable it

On your new phone, install Microsoft Authenticator, then tap Restore from backup on the welcome screen. Sign in with your personal Microsoft account (Android) or your iCloud account (iPhone) to restore all your saved accounts. Work accounts will require an additional verification step to reactivate after restore.

If you did not enable backup before switching phones, you will need to go through the full setup process again at aka.ms/mfasetup — or contact your IT administrator to reset your MFA.

Passwordless Sign-In with Microsoft Authenticator

Microsoft Authenticator supports passwordless sign-in, which removes the password step entirely. Instead of typing a password, you are shown a number on the sign-in screen and prompted to match it in the Authenticator app on your phone.

To enable passwordless sign-in on a personal or managed Microsoft account:

  1. Go to aka.ms/mysecurityinfo and sign in
  2. Click Add sign-in method → select Authenticator app
  3. Follow the on-screen prompts to enable the passwordless option

For work and school accounts, this feature requires your IT administrator to have enabled passwordless authentication for your organisation in the Microsoft Entra admin centre. If the option is greyed out or unavailable, check with your IT team. Passwordless sign-in is available at no extra cost on most Microsoft 365 plans including Business Basic, Business Standard, and Enterprise tiers sold in the UK.

Related articles: Microsoft Authenticator Saying Your Device Is Rooted or Compromised: Every Fix, What Is Two-Factor Authentication (2FA)? A Plain-English Guide, How to Use an Authenticator App

For a full index of every Teams guide and troubleshooting fix on Serverman, see the Microsoft Teams complete guide and troubleshooting hub.