Setting up Microsoft Authenticator (Passwordless) 2FA

Passwordless signin bolsters your security and protects from MFA Fatigue Attacks as outlined in this optional reading: Defend your users from MFA fatigue attacks from Microsoft's Community Hub and it also adds the convenience of not having to type passwords.

You should still know and remember your Microsoft 365 password, or store it in a Password Manager like LastPass or Bitwarden. Your password is not the PIN you use every day to unlock your Windows computer and if not changed from the Microsoft generated password it will have 3 letters (first us uppercase) followed by 5 numbers (example: Ykg232387).

Anyone already setup will be seeing the number matching shown below, they therefore have nothing to do… For the rest please see the video that follows below.

How to enable passwordless

We have a video explaining this very simple process so they can follow along.

The video takes a new user from initial setup of Microsoft Authenticator through the whole process but most of your users should already have their Authenticator setup. For those users they can skip to the section on Enabling Phone Signin at the 12 min, 48 second mark of the video.

Note: We recommend you go to your Device Settings and give your device a unique name, rather than "iPhone" let's call it "Roger's iPhone15" (or your name and model) so that when you add a new device later you can easily identify the old device when you wish to remove it from your Microsoft Account.

We have a handy how to video on YouTube

How to enable or setup Push to Approve and Passwordless MFA for Office 365:

00:00 - Introduction

03:19 - Opening your Microsoft Account Manager

05:22 - Setting up Microsoft Authenticator

08:14 - Set Authenticator as DEFAULT Method

09:42 - Signing in with 2FA enabled

12:48 - Enabling Phone Sign in and registering your device for Passwordless

It's a good idea to trigger Microsoft to turn on interactive Passwordless sign in for your account.

here’s how if you missed it in the video. Open an InPrivate Edge or InCognito Chrome session and login to https://login.microsoftonline.com/ as shown at the 14:50 mark of the YouTube video above