Description
Microsoft Authenticator
Microsoft Authenticator is a free app that helps you sign in to all your accounts without using a password – just use a fingerprint, face recognition, or a PIN.
You can use Authenticator to sign in to your Microsoft personal, work, school or other accounts.
Authenticator can be used three ways:
- As a way to verify sign-in if you forget your password.
- As a way to sign in every time, by using a one-time password code to increase account security. This is called two-step verification or multi-factor authentication.
- As the only way to sign in – just tap an approval on your phone to sign in. This is called going passwordless.
Troubleshoot problems with Microsoft Authenticator
You can resolve problems with Microsoft Authenticator by checking the tips in this article and reviewing some of the known errors.
Import passwords into the Microsoft Authenticator app
Microsoft Authenticator supports importing passwords from any browser that can export saved passwords.
Export your passwords from your current password manager:
Select your existing password manager from the headings below for the steps to export your passwords. If we don’t currently support your existing password manager, select the steps to export using a comma-separated values (CSV) file.
Back up your accounts in Microsoft Authenticator
Back up information on all the accounts you have in Authenticator so that if you lose your mobile, or get a new device, you can sign in to restore previously saved accounts, making it easy to access sites or services.
Signing in with a passkey
What are passkeys?
Passkeys are a replacement for your password. With passkeys, you can sign into your Microsoft personal account or your work/school account using your face, fingerprint, or PIN. Signing in with a passkey is simple and fast and helps protect you against phishing attacks.
Passkeys are supported on desktop and mobile browsers (mobile app support is coming soon). You can use Windows Hello on Windows 10/11 devices to sign into your account with a passkey
Supported devices
Passkeys are supported on the following:
- Windows 10 and newer.
- macOS Ventura and newer.
- ChromeOS 109 and newer.
- iOS 16 and newer.
- Android 9 and newer.
- Hardware security keys that support the FIDO2 protocol.
Supported browsers
Your device will need to use a supported browser, such as
- Microsoft Edge 109 or newer.
- Safari 16 or newer.
- Chrome 109 or newer.
Block an email address from signing in
The Recent activity page shows you when and where you’ve used your Microsoft account within the last 30 days. You can expand any listed activity to see location details and find out how the account was accessed—using a web browser, phone, or another method.
If you see only a Recent activity section on the page, you don’t need to confirm any activity. However, if you see an Unusual activity section, it’s important to:
- Let us know whether the activity was you or not. When you expand an activity, you can choose This was me or This wasn’t me. These options are only in the Unusual activity section, so if you see them, we need your response. With your help, we can rule out false threats and block unauthorized access more quickly.
- Secure your account. If you’re concerned that someone might have access to your account, we strongly recommend that you go to the Security settings page where you can change your password and update security settings. You can also remove all trusted devices. To learn more about account management and security, see the Security basics page.
If you travel often, your new locations may show as unusual activity. To travel without disruptions or alerts, we recommend using Microsoft Authenticator to sign in.
If you get an email about unusual activity and you’re not sure if it’s from Microsoft, you can safely sign in to your Microsoft account any time without clicking links in the email.
Which Account types are backed up in Authenticator?
- Microsoft personal accounts
- Work or school accounts
- 3rd party accounts, such as Amazon, Facebook or Gmail.
Microsoft personal accounts
- If the account only uses a one-time password code which refreshes every 30 seconds. The password codes will available once restored.
- If the account also provides passwordless sign-in, then only the account name is backed up. When you restore, you will need to sign in again.
Microsoft Authenticator FAQs :
This article answers common questions about Microsoft Authenticator. Select the headings below to see more information.
Verification codes
No. The codes don’t require you to be on the internet or connected to data, so you don’t need phone service to sign in. Additionally, because the app stops running as soon as you close it, it won’t drain your battery.
Sign in responses
Yes. To get sign in notifications and to send your response your device needs to be connected to the internet.
Microsoft Authenticator is not available for desktop computers because authenticator apps are typically designed for smartphones for two main reasons:
- Security: Having the second factor of a security question on a separate device enhances security. If both factors (password and authentication) are on the same device, it would be easier for an attacker to compromise both.
- Availability: Mobile devices are almost always with the user, making them convenient for authentication purposes. Desktops, on the other hand, are not as portable. Having your authenticator only on your PC means you couldn’t sign in away from your home or desk.
If you’re using Microsoft Authenticator with an Android or iOS work profile, make sure you add biometrics in your work profile. Biometrics for regular security don’t always carry over to work profiles.
You can set up notifications for your work or school account (if allowed by your administrator) or for your personal Microsoft account.
No, notifications only work with Microsoft personal accounts work or school accounts. Work or school IT admins may turn off this feature.
Adding Authenticator to your new device doesn’t automatically remove the app from your old device. Even deleting the app from your old device isn’t enough. You must both delete the app from your old device AND tell Microsoft or your organization to forget and unregister the old device.
- To remove the app from a device using a personal Microsoft account, go to the two-step verification area of your Account Security page and choose to turn off verification for your old devic
- To remove the app from a device using a work or school Microsoft account, go to the two-step verification area of either your My Apps page or your organization’s company portal to turn off verification for your old device.
No, Apple Watch and Android wearable devices (such as Samsung Galaxy Watch) are currently incompatible with Authenticator’s security features, but you can mirror Authenticator notifications from your phone to your wearable device.
You’ll see a prompt from Authenticator asking for access to your location if your IT admin has created a policy requiring you to share your GPS location before you are allowed to access specific resources. You’ll need to share your location once every hour to ensure you’re still within a country where you are allowed to access the resource.
On iOS, Microsoft recommends allowing the app to access location always. Follow the iOS prompts to grant that permission. Here’s what each permission level will mean for you:
- Allow while using the app: If you choose this option, you’ll be prompted to select two more options.
- Always allow (recommended): While you’re still accessing the protected resource, for the next 24 hours, your location will be shared silently once per hour from the device, so you won’t need to get out your phone and manually approve each hour.
- Keep only while using: While you’re still accessing the protected resource, every hour, you’ll need to pull out your device and manually approve the request.
- Allow once: Once every hour that you’re still accessing the resource, or next time you try to access the resource, you’ll need to grant permission again. You will need to go to Settings and manually enable the permission.
- Don’t allow: If you select this option, you’ll be blocked from accessing the resource. If you change your mind, you’ll need to go to Settings and manually enable the permission.
On Android, Microsoft recommends allowing the app to access location all the time. Follow the Android prompts to grant that permission. Here’s what each permission level will mean for you:
- Allow all the time (recommended): While you’re still accessing the protected resource, for the next 24 hours, your location will be shared silently once per hour from the device, so you will not need to get out your phone and manually approve each hour.
- Allow only while using the app: While you’re still accessing the protected resource, every hour, you’ll need to pull out your device and manually approve the request.
- Deny and don’t ask again: If you select this option, you’ll be blocked from accessing the resource
Authenticator collects your GPS information to determine what country you’re located in. The country name and location coordinates are sent back to the system to determine if you are allowed to access the protected resource. The country name is stored and reported back to your IT admin (if applicable), but your actual coordinates are never saved or stored on Microsoft servers.
Starting July 2025, the autofill feature in Authenticator will stop working, and from August 2025, passwords will no longer be accessible in Authenticator. Learn more.
The Microsoft Autofill Chrome Extension was retired on December 14, 2024.
App Lock helps keep your one-time verification codes, app information, and app settings more secure. When App Lock is enabled, you’ll be asked to authenticate using your device PIN or biometric every time you open Authenticator. App Lock also helps ensure that you’re the only one who can approve notifications by prompting for your PIN or biometric any time you approve a sign-in notification. You can turn App Lock on or off on the Authenticator Settings page. By default, App Lock is turned on when you set up a PIN or biometric on your device.
Unfortunately, there’s no guarantee that App Lock will stop someone from accessing Authenticator. That’s because device registration can happen in other locations outside of Authenticator, such as in Android account settings or in the Company Portal app.
To see your OTP codes in screenshots or allow other apps to capture the Authenticator screen, turn on Screen Capture in Authenticator’s Settings and restart the app.
Authenticator collects three types of information:
- Account info you provide when you add your account. After adding your account, depending on the features you enable for the account, your account data might sync down to the app. This data is stored on your device and can be removed by removing your account.
- Non-personally identifiable usage data, such as aggregate details about success or failure of important operations that are used to detect decreased reliability and bugs. This minimal data is needed to keep the app updated and secure. You need to accept the notice of this data collection when you use the app for the first time.
- You can also allow the sharing of additional non-personal usage data by turning on the “Usage Data” toggle button on the app’s Settings page or when you use the app for the first time. This data allows our engineers to improve the app in ways that are important to you. This setting can be turned on or off at any time.
- Diagnostic log data that stays only in the app until you select Send feedback in the app’s top menu to send logs to Microsoft. These logs can contain personal data such as email addresses, server addresses, or IP addresses. They also can contain device data such as device name and operating system version. Any personal data collected is limited to information needed to help troubleshoot app issues. Authenticator engineers will use them only to troubleshoot customer-reported issues.
Reviews
There are no reviews yet.