<MICROSOFT AUTHENTICATOR>

initial setup

We deliberately choose one method that is both safer and easier. Microsoft Authenticator uses in-app confirmations (with Face ID, fingerprint, or PIN) and passkeys where possible. This is more reliable, safer, and faster than codes sent via text message or email.

In short:

  • Less vulnerable to hacking: SMS codes and separate numeric codes can be intercepted or misused if your number is stolen. An in-app confirmation works with your device and your biometrics: you can't just copy that.
  • Less prone to errors: no transcription errors with 6-digit codes, no stress about “where's that SMS?”. You tap “Approve” or confirm with your face/finger.
  • Faster login: you can often log in faster than with a password + code.
  • One clear method: the same for everyone. This prevents confusion and saves time for support.

<Why go through all the steps>

 INCLUDING PASSWORDLESS

We ask you to do three things: link the app, enable phone sign-in (log in with your phone), and activate a passkey. This combination provides the best protection and convenience.

  • Link app (basic): this allows you to confirm logins with a secure push notification.
  • Phone sign-in (passwordless): you use your phone + biometrics instead of a password. No more hassle with “what was that password again?” and less chance of leaked passwords being misused.
  • Passkey (extra strong & future-proof): you confirm your identity with Face ID/Touch ID/Android biometrics. This is phishing-proof: a passkey is tied to the address of the real sign-in site, so even if someone lures you to a fake login page, your passkey won't work there.

Together, these steps ensure that:

  • Attacks with fake emails and fake sites are much less likely.
  • You are less dependent on passwords (which can be leaked, reused, or guessed).
  • You can quickly and securely recover when replacing your phone (with backup and security information).
  • We as an organization have one clear standard that we can support effectively.

WHAT DOES THIS MEAN FOR YOU IN PRACTICE?

  • Logging in is faster: open notification → approve → done.
  • Less password hassle: phone sign-in and passkeys prevent resets and lockouts.
  • Privacy is guaranteed: the app does not read your private messages or photos. You only use the notification to confirm your identity.
  • Android may look slightly different than iPhone. The names of buttons may differ, but the steps remain the same.

Frequently asked questions

  • Why not text messages? Text messages are susceptible to abuse (forwarding, SIM swaps). The app and passkey are linked to your device and biometrics.
  • Is this complicated? No. These are one-time steps. After that, logging in is actually easier.
  • What if I lose my phone? You can remove your old device and link a new one via Security info. Our “New phone” instructions explain this step by step.

What do you need?

  • Laptop or PC (for the website)
  • Your phone with the Microsoft Authenticator app (from the App Store/Google Play)
  • Work account (email + password)

<Step 1>

Start on your laptop

  1. Open: https://mysignins.microsoft.com/security-info
  2. Log in with your work account.
  3. Click + Add method → select Authenticator app → Add.
  4. Leave the window with the QR code open.

<Step 2>

Go to your phone

  1. Open Microsoft Authenticator.
  2. Tap Add account → Work or school account → Scan QR code.
  3. Point the camera at the QR code on your laptop.
  4. Follow the instructions in the app (confirm link, allow notifications).
  5. Back on your laptop: select Next and Test approval → approve the notification on your phone.
  6. You will now see Microsoft Authenticator listed as the Default method under Security info.

Done. From now on, you will approve logins with a push notification in the app (sometimes with number matching).

<Step 3>

Phone sign-in (sign in without a password) from the Authenticator app

With phone sign-in, you use your phone (biometrics/PIN) instead of your password.

  1. Open Microsoft Authenticator on your phone.
  2. Tap your work or school account → Account settings (⋯ or gear icon).
  3. Select Sign in with phone or Enable sign-in without a password.
  4. Follow the steps:
    1. Allow biometrics or screen lock.
    2. Complete device registration (required for work accounts).
  5. Test: log in to Microsoft 365 on your laptop → select Sign in with phone → confirm the number-matching prompt in the app.

Please note

On Android, the Account settings/Sign in without a password menu may have a slightly different name or be located in a different place.

<Step 4>

Enable Passkey (FIDO2) from the Authenticator app

A passkey replaces your password and confirms your identity using Face ID/Touch ID/biometrics on your device. This is phishing-proof and fast.

  1. Open Microsoft Authenticator.
  2. Tap your work or school account → Account settings (⋯ or gear icon).
  3. Select Passkey or Add security key/Passkey.
  4. Follow the steps:
    1. Allow biometrics (Face ID/Touch ID or Android biometrics)
    2. Confirm your work account.
  5. Quick check: on your laptop/PC, you can see that Passkey is active at https://mysignins.microsoft.com/security-info.
  6. Test: sign in to Microsoft 365 → choose Passkey → confirm with biometrics on your phone.

Important

  • On Android, the buttons may be called Passkey/Security Key; sometimes it is listed under Sign in without a password.
  • Your device must have a screen lock and a recent OS version.
  • Policy may require your device to be compliant via the Company Portal app first.

Frequently asked questions

  • I am not receiving push notifications. Open Authenticator → pull down to refresh, check your internet/work profile, try again.
  • I do not see “Sign in without password/Passkey.” This is likely due to policy. Please contact the service desk.
  • Lost/stolen phone. Go to https://mysignins.microsoft.com/security-info on a secure PC → remove the old device and pair a new device.

<New phone? Here's how to transfer your data securely>

You need both devices for a moment

  1. Old phone → Authenticator → Settings → Turn on Cloud backup (iOS: iCloud, Android: Microsoft account).
  2. New phone → Install Authenticator → Log in with the same account → Restore backup.
  3. On your laptop, go to https://mysignins.microsoft.com/security-info → check whether the new phone is visible and set it as Default if necessary.
  4. Test: log in to Microsoft 365 → approve the push notification on your new device.

Restoration not working? Remove the old method from Security info and add the app again using a new QR code.

<Contact>

Maikel Roolvink, Cybersecurity specialist