<MICROSOFT AUTHENTICATOR>

Initial setup

We deliberately choose one method that is both safer and easier. Microsoft Authenticator uses in-app confirmations (with Face ID, fingerprint, or PIN) and passkeys where possible. This is more reliable, safer, and faster than codes sent via text message or email.

In short:

  • Less vulnerable to hacking: SMS codes and separate numeric codes can be intercepted or misused if your number is stolen. An in-app confirmation works with your device and your biometrics: you can't just copy that.
  • Less prone to errors: no transcription errors with 6-digit codes, no stress about “where's that SMS?”. You tap “Approve” or confirm with your face/finger.
  • Faster login: you can often log in faster than with a password + code.
  • One clear method: the same for everyone. This prevents confusion and saves time for support.

<Why go through all the steps>

Including passwordless

We ask you to do three things: link the app, enable phone sign-in (log in with your phone), and activate passkey. This combination provides the best protection and convenience.

  • Link app (basic): this allows you to confirm logins with a secure push notification.
  • Phone sign-in (passwordless): you use your phone + biometrics instead of a password. No more hassle with “what was that password again?” and less chance of leaked passwords being misused.
  • Passkey (extra strong & future-proof): you confirm your identity with Face ID/Touch ID/Android biometrics. This is phishing-proof: even if someone lures you to a fake login page, your passkey won't work there.

Together, these steps ensure that:

  • Attacks with fake emails and fake sites are much less likely.
  • You are less dependent on passwords (which can be leaked, reused, or guessed).
  • You can quickly and securely recover when replacing your phone (with backup and security information).
  • We as an organization have one clear standard that we can support effectively.
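
The passkey bullet above says a passkey will not work on a fake login page. The sketch below is an added example, not part of the original guide or Microsoft's code: it models, in simplified form, the two places where that binding is enforced in a WebAuthn sign-in, namely the browser scoping the passkey to the site's domain and the genuine site checking the origin and domain hash it receives. The domains, the challenge handling and the function names are constructed for illustration, and signature verification is left out.

```python
import base64
import hashlib
import json

RP_ID = "login.example.com"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # constructed genuine login origin
UP, UV = 0x01, 0x04                            # user-present / user-verified flag bits


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def browser_assertion(page_origin: str, rp_id: str, challenge: bytes) -> dict:
    """Simplified browser + authenticator. The browser writes the origin, not the page."""
    host = page_origin.split("://", 1)[1]
    # Simplified scoping rule: the RP ID must be the page's host or a parent domain of it.
    if host != rp_id and not host.endswith("." + rp_id):
        raise PermissionError(f"{page_origin} may not use passkeys for {rp_id}")
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticatorData = SHA-256(rpId) || flags || 4-byte signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([UP | UV]) + (1).to_bytes(4, "big")
    return {"clientDataJSON": client_data, "authenticatorData": auth_data}


def rp_verify(assertion: dict, challenge: bytes) -> list:
    """Server-side checks on the genuine site; returns the list of failures (empty = pass).
    A real server also verifies the signature, which covers both fields below."""
    cd = json.loads(assertion["clientDataJSON"])
    ad = assertion["authenticatorData"]
    errors = []
    if cd.get("type") != "webauthn.get":
        errors.append("wrong type")
    if cd.get("challenge") != b64url(challenge):
        errors.append("challenge mismatch")
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash mismatch")
    if not ad[32] & UP:
        errors.append("user not present")
    if not ad[32] & UV:
        errors.append("user not verified")
    return errors
```

A page on another domain that asks for the genuine site's passkey is refused by `browser_assertion`, and a response produced for that other domain fails the `origin` and `rpIdHash` checks in `rp_verify`.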

WHAT DOES THIS MEAN FOR YOU IN PRACTICE?

  • Logging in is faster: open notification → approve → done.
  • Less password hassle: phone sign-in and passkeys prevent resets and lockouts.
  • Privacy is guaranteed: the app does not read your private messages or photos. You only use the notification to confirm your identity.
  • Android may look slightly different than iPhone. The names of buttons may differ, but the steps remain the same.

Frequently asked questions

  • Why not text messages? Text messages are susceptible to abuse (forwarding, SIM swaps). The app and passkey are linked to your device and biometrics.
  • Is this complicated? No. These are one-time steps. After that, logging in is actually easier.
  • What if I lose my phone? You can remove your old device and link a new one via Security info. Our “New phone” instructions explain this step by step.

What do you need?

  • Laptop or PC (for the website)
  • Your phone with the Microsoft Authenticator app (from the App Store/Google Play)
  • Work account (email + password)
  • If you use a Temporary Access Pass, you can immediately add your account through the Microsoft Authenticator app. The app then automatically checks which methods are enabled for your account and sets them up at the same time.

<Step 1>

Start on your laptop

  1. Open: https://mysignins.microsoft.com/security-info
  2. Log in with your work account.
  3. Click + Add method → select Authenticator app → Add.
  4. Leave the window with the QR code open.

<Step 2>

Go to your phone

  1. Open Microsoft Authenticator.
  2. Tap Add account → Work or school account → Scan QR code.
  3. Point the camera at the QR code on your laptop.
  4. Follow the instructions in the app (confirm link, allow notifications).
  5. Back on your laptop: select Next and Test approval → approve the notification on your phone.
  6. You will now see Microsoft Authenticator listed as the Default method under Security info.

Done. From now on, you will approve logins with a push notification in the app (sometimes with number matching).

<Step 3>

Phone sign-in (sign in without a password) from the Authenticator app

With phone sign-in, you use your phone (biometrics/PIN) instead of your password.

  1. Open Microsoft Authenticator on your phone.
  2. Tap your work or school account → Account settings (⋯ or gear icon).
  3. Select Sign in with phone or Enable sign-in without a password.
  4. Follow the steps:
    1. Allow biometrics or screen lock.
    2. Complete device registration (required for work accounts).
  5. Test: log in to Microsoft 365 on your laptop → select Sign in with phone → confirm the number match/prompt in the app.

Please note

On Android, the Account settings/Sign in without a password menu may have a slightly different name or be located in a different place.

<Step 4>

Enable Passkey (FIDO2) from the Authenticator app

A passkey replaces your password and confirms your identity using Face ID/Touch ID/biometrics on your device. This is phishing-proof and fast.

  1. Open Microsoft Authenticator.
  2. Tap your work or school account → Account settings (⋯ or gear icon).
  3. Select Passkey or Add security key/Passkey.
  4. Follow the steps:
    1. Allow biometrics (Face ID/Touch ID or Android biometrics)
    2. Confirm your work account.
  5. Quick check: on your laptop/PC, you can see that Passkey is active at https://mysignins.microsoft.com/security-info.
  6. Test: sign in to Microsoft 365 → choose Passkey → confirm with biometrics on your phone.

Important

  • On Android, the buttons may be called Passkey/Security Key; sometimes it is listed under Sign in without a password.
  • Your device must have a screen lock and a recent OS version.
  • Policy may require your device to be compliant via the Company Portal app first.

Frequently asked questions

  • I am not receiving push notifications. Open Authenticator → pull down to refresh, check your internet/work profile, try again.
  • I do not see “Sign in without password/Passkey.” This is likely due to policy. Please contact the service desk.
  • Lost/stolen phone. Go to https://mysignins.microsoft.com/security-info on a secure PC → remove the old device and pair a new device.

<New phone? Here's how to transfer your data securely>

You need both devices for a moment

  1. Old phone → Authenticator → Settings → Turn on Cloud backup (iOS: iCloud, Android: Microsoft account).
  2. New phone → Install Authenticator → Log in with the same account → Restore backup.
  3. On your laptop, go to https://mysignins.microsoft.com/security-info → check whether the new phone is visible and set it as Default if necessary.
  4. Test: log in to Microsoft 365 → approve the push notification on your new device.

Restoration not working? Remove the old method from Security info and add the app again using a new QR code.

<Contact>

Maikel Roolvink, Cybersecurity specialist
