How Do I Use Microsoft Authenticator for Two-Factor Authentication (2FA)?

Tags ms auth

Questions Answered in this Article

Setting Up & Managing Microsoft Authenticator

Logging In

Additional Support

Answers

All faculty, staff and students have the ability to use Microsoft Authenticator as their two-factor authentication (2fa) method. 
 

Phone or Tablet Setup 

*Please note: The Microsoft Authenticator app must be installed on a device such as a smartphone or tablet. It cannot be installed on a computer.

  1. Download the Microsoft Authenticator app from your device’s app store.
  2. Open the app on your device.
     
  3. When prompted about data privacy, we recommend that you do not "Share additional data" and then tap "Continue".

    Your data your privacy screen in Microsoft authenticator app, select do not share additional data.
     
  4. Select "add work or school account" from the Welcome screen.

    Microsoft Authenticator welcome screen, highlight work or school account.
     
  5. Sign in using your UNCW email and password, then approve two-factor authentication to complete the sign-in.

    Sign-in screen, showing that you need to use your UNCW email
     
  6. Select "Continue" after reviewing the sign-in and verification options that Microsoft Authenticator provides.

    Sign-in and verify options from Microsoft Authenticator
     
  7. Tap "Continue" and follow the on-screen instructions to turn on AutoFill, which is required to use Microsoft Authenticator's Passwordless features.

    Microsoft Authenticator Autofill prompt
     
  8. Register your device to enable passwordless sign-in features.

    TECH TIP: Registering associates your device’s operating system type (iOS or Android), version and phone number with your Microsoft 365 account. 

    register your device prompt
     
  9. If prompted about notifications, choose your preferred option.
     
  10. You should see your UNCW account listed. Please tap on your account to continue.
     
  11. Click "Create a passkey."

    UNCW account screen highlighting create a passkey button
     
  12. Once your passkey is created, tap "Done."

    Passkey Created prompt with a button that says done at the bottom
     
  13. We recommend testing Microsoft Authenticator by signing in to your UNCW account to ensure it is set up correctly.

    TECH TIP: By using a private browser, you can test the Microsoft Authenticator App without having to sign out.

 

Alternative Setup Instructions

*Please note: The above instructions are the preferred method for installing Microsoft Authenticator. You may also use either option below to set up Microsoft Authenticator.

Set Up Using Only Your Phone or Tablet+
Set Up Your Phone or Tablet with Help from Your Computer+

 

Windows Security Key Setup

*Please note: While most security key setup processes are similar, there may be slight variations depending on the brand​​

  1. Acquire a YubiKey or security key.  
     
  2. Visit your Microsoft Account Settings 
    .
  3. Go to "Security Info" from the left-hand side

    my account left hand navigation menu highlighting security info
     
  4. Select “+ Add sign-in method” located at the top of your sign-in method list. 
     
  5. Click “Security Key” from the dialog box.

    Add sign in method, with security key highlighted
     
  6. Select “USB Device" when the prompt asks for the type of security key you want to configure.
     
  7. Follow the on-screen instructions and when prompted plug your USB security key into an available port on your device.

    TECH TIP: UNCW-issued YubiKeys are available in two variants: USB-A and USB-C. Please refer to your specific security key’s vendor documentation for any additional guidance. 

  8. When prompted, create a unique security key PIN. You will use this PIN any time you need to unlock your security key.

    TECH TIP: Pick a PIN you can remember and recall easily in the future. 

    windows security key PIN
     
  9. Continue following the on-screen instructions.

    windows security key continue setup. touch your security key.
     
  10. When prompted, name your security key. 
     
  11. Once complete, you will be returned to the Security Info page. You should now see your new security key listed as a sign-in method. 


Set Up Passwordless Login

*Please note: Passwordless authentication lets you sign in without typing a password. Instead, it uses other two-factor methods such as biometrics, device-based authentication or hardware keys. Microsoft verifies your identity by combining something you have, like a registered device, with something you are or know, like a fingerprint, FaceID or PIN. This creates a secure login experience without ever entering a password. 

  1. Open the Microsoft Authenticator app on your device and select your UNCW account. 
     
  2. Select “Set up Passwordless sign-in requests” under the "Other ways to sign in" section.

    TECH TIP: If you do not see "Set Up Passwordless sign-in requests," check the "Ways to sign in or verify" section at the top. If "Passwordless sign-in requests" appears there, then you need to proceed to step 8.

  3. Click “Continue” to begin the process for setting up the Passwordless feature.
     
  4. Verify your identity.
     
  5. Register your device by clicking Register on the next prompt(s). This step is required to enable passwordless authentication and only collects basic device information for verification.
     
  6. Next, you will be asked to use your device’s screen lock, such as Face ID, Touch ID, or a PIN, to create your passwordless sign-in method.
     
  7. From the main Authenticator page, select your UNCW account.
     
  8. Select "Create a passkey".
     
  9. Sign in with your UNCW account.
     
  10. Tap "Continue" to turn on AutoFill and follow the on-screen prompts.
     
  11. Once your passkey is created, tap "Done."
     
  12. Wait approximately five minutes before signing in with passwordless to ensure the changes finish syncing.


Using Passwordless Log In
 

  1. On the sign-in page, select "Sign-in options".
     
  2. Select "Face, fingerprint, PIN or security key".
     
  3. You will be redirected to a screen prompting you to choose your device.  
     
  4. Select "iPhone, iPad, or Android device" and click "Next."

    TECH TIP: Alternatively, choose "security key" if you have registered a YubiKey with your UNCW Microsoft Authenticator account.

  5. A QR code will appear. Scan it with your device's camera.
     
  6. Follow the prompts on your device to "Use Passkey" to complete your sign-in. 

 

Passwordless Sign-in Not Working

*Please note: The error message will vary depending on the issue encountered when using passwordless sign-in, such as “Request denied” or “Sorry, we’re having trouble signing you in”. Regardless of the message, you should have the option to sign in another way and follow the same steps.

  1. Select "Sign in another way".

    passwordless sign in error, we couldn't sign you in something went wrong when trying to sign in with a passkey. please try again. learn more about passkeys or sign in another way.
     
  2. Next, click "Sign-in options".

    UNCW Sign in Screen prompting you to enter your user name, slect next or click sign in options. Sign in options is highlighted in this example.
     
  3. Choose from the list of available sign-in options.

    choose a way to sign in, face finterprint pin or security key, approve request in my microsoft authenticator app or use my password
     
  4. If these options don’t resolve the issue or meet your needs, please select “Back.”
     
  5. Type in your username, select "Next" and follow the prompts to finish logging in. 

    UNCW Sign in Screen prompting you to enter your user name, slect next or click sign in options.

 

Available Sign-In Methods
 

  • Face, fingerprint, PIN or security key: Allows users to leverage biometrics, PINs, or security keys to authenticate. On-device platform authenticators, such as biometrics, Windows Hello (Biometrics/PIN), and macOS Touch ID, are future authentication initiatives.
     
  • Approve request on my Microsoft Authenticator app: Sends an authentication request to the Microsoft Authenticator application on your registered device that prompts you to approve or deny it. 
     
  • Use a verification code: Allows users to sign in using the temporary one-time password from the Microsoft Authenticator app.
     
  • Approve with Cisco Duo: Sends an authentication request to the Duo Application on your registered smart device.

    TECH TIP: UNCW is currently migrating away from Duo as our primary multifactor authentication method. We recommend using Microsoft Authenticator whenever possible.

  • Text +X XXXXXXXX59:  Allows users to receive a one-time passcode via SMS (text) to use for authentication.

    TECH TIP: The Text SMS method offers the least security and is not recommended.

  • Call +X XXXXXXXX59: Allows users to receive a one-time passcode through an automated phone call for authentication.

    TECH TIP: The Text SMS method offers the least security and is not recommended.

 

Security Key Requests & Recommendations
 

*Please note: A security key is a small physical device used to securely sign in to applications and services. Security keys are widely regarded as the strongest form of two-factor authentication today because they address the most common real-world attack techniques. 

Faculty & Staff
 

  • Faculty and staff may submit a request for a YubiKey. All requests are reviewed by IT Security prior to approval. Approved requests may require departmental payment.

 

Buy Your Own Security Key

*Please note: If you choose to bring your own security key, ensure it meets the following criteria. 

Required Features:

  • IDO2 / WebAuthn support: This is mandatory for use in our environment 

  • Certified by the FIDO Alliance: Look for official FIDO certification from the manufacturer 

  • User presence verification: Touch, button press, PIN, or biometric confirmation 

  • Hardware-backed key storage: Keys must be generated and stored on the device itself 

 
Strongly Recommended Features

  • PIN support: Adds protection if the key is lost or stolen 

  • Multi-device compatibility: USB-A, USB-C, NFC, or Lightning (depending on your devices) 

  • Firmware security: Vendor provides signed firmware and security updates 

  • Durability: Water-resistant and tamper-resistant designs are preferred 

  • Vendor reputation: Established vendors with long-term support histories 

If you need further assistance, please submit a service request or CHAT with TAC.

Print Article