Microsoft Authenticator app FAQ
This article answers common questions about the Microsoft Authenticator app. If you don't see an answer to your question, go to the Microsoft Authenticator app forum.
The Microsoft Authenticator app replaced the Azure Authenticator app, and is the recommended app when you use Azure Multi-Factor Authentication. The Microsoft Authenticator app is available for Android and iOS.
Frequently asked questions
|What data does the Authenticator store on my behalf and how can I delete it?||The Microsoft Authenticator app collects three types of information:
|What are the codes in the app for?||When you open the Microsoft Authenticator app, you'll see your added accounts as tiles with a six- or eight-digit number for each.
You'll use these codes as verification that you are who you say you are. After you sign in with your username and password, you'll type in the verification code that's in the same tile as your account. For example, if you're Alain signing in to your Contoso account, you'd use the verification code, 427303.
|Why does the number next to the code keep counting down?||You might see a 30-second timer counting down next to your active verification code. This timer is so that you never sign in using the same code twice. Unlike a password, we don't want you to remember this number. The idea is that only someone with access to your phone knows your code.|
|Why is my account tile gray?||Some organizations require the Microsoft Authenticator app to work with single sign-on and to protect organizational resources. In this situation, the account isn't used for two-step verification and shows up as gray or inactive. This type of account is frequently called a "broker" account.|
|What is device registration?||Your organization might want you to register the device so they can understand which devices are accessing secured resources, such as files and apps, and to possibly turn on conditional access to reduce the risk of inappropriate access to those resources. You can unregister your device using Settings, but you may lose access to emails in Outlook, files in OneDrive, and you'll lose the ability to use phone sign-in.|
|Do I need to be connected to the Internet or my network to get and use the verification codes?||The codes don't require you to be on the Internet or connected to data, so you don't need phone service to sign in. Additionally, because the app stops running as soon as you close it, it won't drain your battery.|
|I only get notifications when the app is open. If the app is closed, I don't get notifications.||If you're getting notifications, but not an alert, even with your ringer on, you should check your app settings. Make sure the app is turned on to use sound or to vibrate for notifications. If you don't get notifications at all, you should check the following:
|I'm using the verification codes in the app, but how do I switch to the push notifications?||You can set this up for your work or school account (if turned on by your administrator) or for your personal Microsoft account, but notifications won't work for third-party accounts, like Google or Facebook.
To switch your personal account over to notifications you'll have to re-register your device with the account. Go to Add Account, select Personal Microsoft Account, and then sign in using your username and password.
Your organization decides whether to allow one-click notifications for your work or school account, so your organization might turn off this feature.
|Do notifications work for non-Microsoft accounts||No, notifications only work with Microsoft accounts and Azure Active Directory accounts. If your work or school uses Azure AD accounts, they might turn off this feature.|
|I got a new device or restored my device from a backup. How do I set up my accounts in the Microsoft Authenticator app again?||If you’re running an iOS device, have turned on iCloud Backup, and have created a backup of your accounts on your old device; you can use that backup to recover your account credentials on your new device. For more info, see the Backup and recover account credentials with the Microsoft Authenticator app article.|
|I lost my device or moved on to a new device. How do I make sure notifications don't continue to go to my old device?||Adding the Microsoft Authenticator app to your new device won't automatically remove the app from your old device. Even deleting the app from your old device isn't enough. You must both delete the app from your old device and tell Microsoft or your organization to forget the old device and unregister it from your account.
|How do I remove an account from the app?||
|Why does the app request so many permissions?||Here is a full list of permissions that can be asked for, and how they are used in the app. The specific permissions you see depend on the type of phone you have.
|Why does the Microsoft Authenticator app allow you to approve a request without unlocking the device?||You don't have to unlock your device to approve verification requests because all you need to prove is that you have your phone with you. Two-step verification requires proving two things – a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with the Microsoft Authenticator app and registered as an MFA proof.) Therefore, having the phone and approving the request meets the criteria for the second factor of authentication.|
|Why aren’t all my accounts showing up when I open the Microsoft Authenticator app on my Apple Watch?||The Microsoft Authenticator app only supports using Microsoft personal or school or work accounts with push notifications on the Apple Watch companion app. For your other accounts, like Google or Facebook, you’ll have to open the authenticator app on your phone to view your verification codes.|
|Why can’t I approve or deny notifications on my Apple Watch?||First, make sure you’ve upgraded to the Microsoft Authenticator app, version 6.0.0 or higher on your iPhone. After that, open the Microsoft Authenticator companion app on your Apple Watch and look for any accounts with a Set Up button beneath them. You must complete that set up process to approve notifications for those accounts.|
|I’m getting a communication error between the Apple Watch and my phone. What can I do to troubleshoot?||This error happens when your Watch screen goes to sleep before it finishes communicating with your phone.
If this happens during setup:
Try to run setup again, making sure to keep your Watch awake until the process is done. At the same time, open the app on your phone and respond to any prompts that appear.
If your phone and Watch still aren’t communicating, you can try the following:
The next time you try to approve a notification on your Apple Watch, keep the screen awake until the request is complete and you hear the sound that indicates it was successful.
|Why isn’t the Microsoft Authenticator companion app for Apple Watch syncing or showing up on my watch?||If the app isn’t showing up on your Watch, try the following:
|My Apple Watch companion app crashed. Can I send you my crash logs so you can investigate?||You first have to make sure you’ve chosen to share your analytics with us. If you’re a TestFlight user, you’re already signed up. Otherwise, you can go to Settings > Privacy > Analytics and select both the Share iPhone & Watch analytics and the Share with App Developers options.
After you sign up, you can try to reproduce your crash so your crash logs are automatically sent to us for investigation. However, if you can’t reproduce your crash, you can manually copy your log files and send them to us.
|What is the App Lock feature, and how does it help to keep me more secure?||To keep your one-time passcodes, app information, and app settings more secure, you can turn on the App Lock feature in the Microsoft Authenticator app. Turning on App Lock from the Settings screen of the Microsoft Authenticator app means you’ll be asked to authenticate using your PIN or biometric every time you open the Microsoft Authenticator app. This feature offers extra protection, the way you approve your notifications in the Microsoft Authenticator app won’t change.
If you return to the Microsoft Authenticator app running on an Android device in less than 30 seconds, you won’t be prompted to authenticate again.
|Why am I getting notifications about my account activity?||To help keep you more informed about what's going on with your personal Microsoft account, we're sending activity notifications to your Microsoft Authenticator app. These notifications appear immediately after something changes, helping to keep you more secure. We previously sent these notifications through email and SMS, and have now expanded to include the app. For more information about these activity notifications, see What happens if there's an unusual sign-in to your account. To change where you receive your notifications, sign in to https://account.live.com/SecurityNotifications/Update.|
If you want more information about two-step verification, see Set up my account for two-step verification
If you want more information about security info, see Manage your security info
If your question wasn't answered here, we want to hear from you. Go to the Microsoft Authenticator app forum to post your question and get help from the community, or leave a comment on this page.
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.