Sign in to your accounts using the Microsoft Authenticator app

The Microsoft Authenticator app helps you sign in to your accounts if you use two-factor verification. Two-factor verification helps you to access your accounts more securely, especially while viewing sensitive information. Because passwords can be forgotten, stolen, or compromised, two-factor verification is an additional security step that helps protect your account by making it harder for other people to break in.

You can use the Microsoft Authenticator app in multiple ways, including:

  • Providing a prompt for a second verification method after you sign in with your username and password.

  • Providing sign-in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN.

    Important

    This phone sign-in method only works with your work or school and personal Microsoft accounts. Your non-Microsoft accounts require you to use the standard two-factor verification process.

Prerequisites

Before you can use the Microsoft Authenticator app, you must:

  1. Download and install the Microsoft Authenticator app. If you haven't done this yet, see Download and install the app.

  2. Add your work/school, personal, and third-party accounts to the Microsoft Authenticator app. For the detailed steps, see Add your work or school account, Add your personal accounts, and Add your non-Microsoft accounts.

Turn on and use phone sign-in for your work or school account

Phone sign-in is a type of two-step verification. You must still verify your identity by providing a thing you know and a thing you have, but phone sign-in lets you skip entering your account password and performs all of your identity verification on your mobile device.

Before you can turn on phone sign-in, you must turn on two-factor verification. For more information about how to turn on two-factor verification for an account, see Add your work or school account and Add your personal accounts.

Phone sign-in is only available on iOS and Android devices running Android 6.0 or above.

Turn on phone sign-in

Open the Microsoft Authenticator app, go to your work or school account, and turn on phone sign-in.

  • When you tap the account tile, you see a full screen view of the account. If you see Phone sign-in enabled that means you are fully set up to sign in without your password. If you see Enable phone sign-in, tap it to turn on phone sign-in.
  • If you’ve already been using the app for two-factor verification, you can tap the account tile to see a full screen view of the account. Then tap Enable phone sign-in to turn on phone sign-in.
  • If you can't find your work or school account on the Accounts screen of the app, it means that you haven't added it to the app yet. Add your work or school account by following the steps in the Add your work or school account help.

After you turn on phone sign-in, you can sign in using only the Microsoft Authenticator app. Here's how:

  1. Sign in to your work or school account.

    After typing your username, an Approve sign in screen appears showing you a two-digit number and asking you to sign-in through the Microsoft Authenticator app. If you don’t want to use this sign in method, you can select Use your password instead, and sign in using your password.

    Approve sign-in box on computer

  2. Open the notification or the Microsoft Authenticator app on your device, and then tap the number that matches the number you see on your computer’s Approve sign-in screen.

    Approve sign-in box on device

  3. Choose Approve if you recognize the sign-in attempt. Otherwise, choose Deny.

  4. Use your phone’s PIN or your biometric key to complete the authentication.

Turn on and use phone sign-in for your personal Microsoft accounts

You can turn on phone sign-in for your personal Microsoft account, such as the account you use to sign in to Outlook.com, Xbox, or Skype.

Note

To help protect your account, the Microsoft Authenticator app requires a PIN or biometric lock on your device. If you keep your phone unlocked, the app requires you to set up a security lock before turning on phone sign-in.

Turn on phone sign-in

Open the Microsoft Authenticator app, go to your work or school account, and turn on phone sign-in.

  • When you tap on the account tile, you see a full screen view of the account. If you see Phone sign-in enabled that means you are fully set up to sign in without your password. If you see Enable phone sign-in, tap it to turn on phone sign-in.
  • If you’re already using the app for two-factor verification, you can tap the account tile to see a full screen view of the account. Then tap Enable phone sign-in to turn on phone sign-in.
  • If you can't find your account on the Accounts screen of the app, it means that you haven't added it to the app yet. Add your personal Microsoft account by following the steps in the Add personal Microsoft accounts article.

Sign in to your account using phone sign-in

  1. Go to your personal Microsoft account sign-in page, and then instead of typing your password, select the Use the Microsoft Authenticator app instead link.

    Microsoft sends a notification to your phone.

  2. Approve the notification.

Sign in using two-factor verification for your account

The standard two-factor verification method requires you to enter your username and password into the device you're signing in to, and then choose whether the Microsoft Authenticator app receives a notification or if you want to copy the verification code from the Authenticator app. On an Android device, the verification codes can be found on the Accounts screen. On an iOS device, these verification codes can be found in the Accounts screen or the full screen view of an account depending on the type of account. You turn on two-factor verification for your account when you add the account to the Microsoft Authenticator app.

Note

If you don't see your work or school account or your personal account on the Accounts screen of the Microsoft Authenticator app, it means that you haven't added the account to the Microsoft Authenticator app. To add your account, see Add your work or school account or Add your personal accounts.

For the steps necessary to sign in to your work or school or your personal account, using the various methods of two-factor verification, see Sign in using two-step verification or security info.

Frequently asked questions

Question Solution
How is signing in with my phone more secure than typing a password? Today most people sign in to web sites or apps using a username and password. Unfortunately, passwords can be lost, stolen, or guessed by hackers.

After you set up the Microsoft Authenticator app, it creates a key on your phone to unlock your account that’s protected by your phone’s PIN or biometric lock. This key is then used to prove your identity while signing in.

Important
Your data is only used to protect your key locally. It’s never sent to, or stored in, the cloud.
Does phone sign-in replace two-step verification? Should I turn it off? Phone sign-in is a type of two step verification where the two steps both happen on the mobile device. You should keep two step verification turned on to help provide additional security for your account.
If I keep two-step verification turned on for my account, do I have to approve two notifications? No. Signing in to your Microsoft account using your phone also counts as two-step verification, so there is no second approval required.
What if I lose my phone or don’t have it with me? How do I access my account? You can always select the Use a password instead link on the sign-in page to switch back to using your password. However, if you use two-step verification you’ll still need to use a second method to verify your identity.

Important
We strongly encourage you to make sure you have more than one, up-to-date, verification method associated with your account.

You can manage your verification methods for personal accounts from your Security settings page. For work or school accounts, you can go to your organization’s Additional security verification page or the Keep your account secure page if your administrator has turned on security info. For more information about security info, see Security info (preview) overview.

If you’re unable to manage your verification methods, you must contact your administrator.
How do I stop using this feature and go back to using my password? For personal accounts, select the Use a password instead link during sign in. Your most recent choice is remembered and offered by default the next time you sign in. If you ever want to go back to using phone sign-in, select the Use an app instead link during sign in.

For work or school accounts, you must either unregister the device from the Settings page of the Microsoft Authenticator app, or disable the device from the Devices & activity area of your profile. For more information about disabling your device from your profile, see Update your profile and account info from the My Apps portal.
Why can’t I use more than one work or school account for phone sign-in? A phone must be registered to a single work or school account. If you want to turn on phone sign-in for a different work or school account, you must unregister your account from this device through the Settings page.
Can I sign in to my computer using my phone? For your computer, we recommend signing in using Windows Hello on Windows 10. Windows Hello lets you use your face, fingerprint, or PIN to sign in.

Next steps