MFA: Automatic Enrollment: iPhone - Microsoft Authenticator App

Topic

Multi-Factor Authentication Automatic Enrollment Instructions: iPhone - Microsoft Authenticator application

Environment (Products involved such as e.g. hardware, software, network)

Multi-Factor Authentication, iPhone, Application 

Resolution or Steps

1. Should you encounter “Allow my organization to manage my device” it is recommended Not to select this option.

“Windows prompt titled ‘Use this account everywhere on your device’ explaining that Windows will remember your account to make signing in easier and may require allowing the organization to manage certain settings. A checkbox option reads ‘Allow my organization to manage my device

2. None of your personal data is stored from any phone device you select for Multi-Factor Authentication set up and enrollment or by installing and using the Microsoft Authenticator application. Multi-Factor Authentication is not designed for data storage, it’s design and purpose is as an authentication utility. The Microsoft Authenticator app verifies authentication within the sign-in process in order to access Minnesota State Office 365 provided services.

What you will need before you begin Multi-Factor Authentication set up:

Note: If you are not a new student or have not been notified of having a compromised account you will need to use Multi-Factor Authentication Self-Enrollment instructions to set up Multi-Factor Authentication rather than using instructions provided below.

  1. Immediate access to the Phone Device you will select for your preferred verification option
  2. A Computer with Internet connectivity

Steps:

  • Note: Illustrations and instructions may vary slightly.
  • Step 1) On your iPhone:
    • a)  Go to the App Store.
    • b)  Perform search for "Microsoft Authenticator". Select Get, then Open application.
      • (you may be prompted to enter your Application Store login)

“Two iPhone App Store screenshots showing a search for ‘microsoft authenticator’ with the result displaying the Microsoft Authenticator app. In the first screenshot, the button reads ‘GET,’ and in the second screenshot, it reads ‘OPEN.’ The App Store icon appears on the left.”

  • Step 2) Select Work or school account.
    • Select Skip if prompted to Add Personal Account or Add Non-Microsoft Account

“Microsoft Authenticator Accounts screen showing the heading ‘What kind of account are you adding?’ with options for Personal account, Work or school account (highlighted in red), and Other (Google, Facebook, etc.).”

  • Step 3) Tap Allow to, Allow Authenticator to take pictures and record video? prompt.
    • Your phone will be ready to scan or manually enter the Quick Response code (displayed in step 7).
    • Set your phone down.
  • Important note:
    • Once you click on the Minnesota State button Enable Multi Factor Authentication outlined in the next step (Step 4), you will need to complete Multi-Factor Authentication set up before you will be able to access your email and other Minnesota State Office 365 connected services. If you cancel or do not complete the set up, you will not be able to access these services until Multi-Factor Authentication is successfully set up.
  • Step 4) Switch to your computer:
    • a)  Browse to the Additional security verification page.
    • b)  Sign in with your username and password:
    • c)  Click Next on the prompt More information required.
      • Please note, If you are both employee and student, you will need to set up Multi-Factor Authentication on both your employee and student accounts. The Microsoft Authenticator application can support multiple accounts.  
      • If you are employed or take classes at multiple Minnesota State University / Colleges you only need to do this once per employee/student account.
  • Step 5) Displayed on your computer, on the Additional security verification page:
    • a)  Under, How do you want to use the mobile app?:
      • Select Mobile app from the drop down selection
    • b)  Select a verification method:
      • Receive notifications for verification (recommended - one-tap approval)
      • Use verification code (this option continually generates a verification code sent to your phone which you will need to accurately enter for verification).
    • Note, before you click Set up, the next screen will display a Quick Response code; this Quick Response code is time-sensitive, so be ready to scan the Quick Response code with your phone.
    • c)  Click Setup
  • Step 6) On your phone:
    • a)  Scan the Quick Response code, displayed on your computer, using your phone.

“Microsoft Additional security verification page showing Step 1 with the dropdown set to ‘Mobile app’ and options to ‘Receive notifications for verification’ or ‘Use verification code.’ A blue ‘Set up’ button appears below. To the right is a screen displaying configuration instructions with a QR code labeled ‘Configure mobile app.’ In the center, a phone screen shows the Microsoft Authenticator app scanning the same QR code. On the far right is a computer monitor displaying the QR code setup screen above a keyboard.” 

  • b)  After the Quick Response code has been scanned, Minnesota State Colleges and Universities  and your account will display on your phone.

“Microsoft Authenticator account entry labeled ‘MNSCU’ with an associated email address ending in @go.minnstate.edu.”

  • c) On your phone, select Go to Settings and ensure Allow Notifications is set to allow.

“Two iPhone screens shown side by side. The left screen displays a prompt beneath a QR‑code scan page stating: ‘Push notifications are required to activate and authenticate with this app. Go to Settings > Notifications to allow push notifications for the app,’ with buttons labeled ‘Not now’ and ‘Go to Settings’ (highlighted). The right screen shows the iPhone Notifications settings for the Authenticator app, with ‘Allow Notifications’ switched on and alert options for Lock Screen, Notification Center, and Banners, with Banner Style set to Temporary.”

  • Step 7) On your computer, on the Additional security information window:
    • Click Next. Displayed will be Step 2: Let’s make sure that we can reach you on your Mobile Application device
    • Note: If you have set up a Pin or biometric face/fingerprint to access your phone, you may be prompted for this to proceed.
“Image set showing examples of phone security prompts. The first screen displays ‘Authenticator locked’ with a lock icon and an ‘Unlock’ option. Next is a phone screen with a Face ID icon labeled ‘Face ID.’ On the right is text reading ‘Examples: Prompt for entry of your phone PIN or biometrics used to access your phone (graphics may vary)’ above an image of a fingerprint scan with a button labeled ‘Continue.’”
  • Step 8) On your phone the Authenticator application will prompt you for approval or display a verification code:
    • If you selected – Receive notification for verification:
      • Select Approve prompted on your phone
    • If you selected – Use verification code:
      • On your computer, enter the verification code received on your phone, then click Verify
  • Step 9) On your computer, on the Additional security verification page:
    • a)  A prompt to "Secure your account by adding phone verification to your password" and "Step 2: In case you lose access to the mobile app" will be displayed.
    • b)  The phone number you enter should be a different number other than your mobile device; this is to help ensure you are not locked out of your account in the event you do not have immediate access to your primary phone, your battery is dead, your primary device is lost, stolen or damaged or you get a new phone or number.
      • Consider using a spouse or trusted family member’s phone as the added back-up phone number (i.e. the "added phone verification to your password").
      • Note: This added phone number will not be called for validation during this set up process.
    • c)  Select country and ensure you have entered the correct phone number before clicking Done.
    • Your account is now set with Multi-Factor Authentication protection!

If you need assistance with Multi-Factor Authentication please contact Information Technology Service Desk.

 

Information Security:

What should I do when I get a verification request I don’t recognize?

If you receive approval requests for access to your Office 365 and you are not actively signing in to Minnesota State Office 365 connected applications (in other words you did not just attempt to log in to your Office 365 account using your Minnesota State Office 365 login credentials) then deny the access.

Stay Vigilant:

  • You will not be prompted by Multi-Factor Authentication without your attempt to log in. Multi-Factor Authentication verification will never prompt you first. Do not approve or take action on any prompts if you are not logging into your account.
  • No one, including Information Technology Services, Metropolitan State University, Minnesota State Colleges or Universities, or other entities which may appear to be related, will ever contact or prompt you to ask you to “approve” an Multi-Factor Authentication notification or ask for a verification code.  
  • Do not press # key for verification or enter verification code if you receive a voice call on your mobile device, office, or alternate phone. Ensure your spouse or trusted family doesn’t automatically enter the key(s) without checking with you first.

Resources

Was this helpful?
50% helpful - 2 reviews
Print Article