Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,554 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 5%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 25%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 62%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Go to https://entra.microsoft.com as your administrator ID. Left pane.. expand PROTECTION > AUTHENTICATION METHODS > ..right pane on left side.. REGISTRATION CAMPAIGN > ..right side ~1/3 down.. Settings: [EDIT] , limited number of snoozes: DISABLED.
Now users can just ignore/snooze installing the “requirement” for MFA application.
I suggest you manually enable MFA on your users, though. Also set a quarterly calendar reminder to review the MFA settings to ensure you didn't forget the new-user step to activate MFA. The user can supply a few authentication methods, such as SMS text to cell phone, a phone-call, or email method. Note that you can have it voice-call the user's MS Teams phone or email MS Outlook -- however, if he/she needs to authenticate to both Teams and Outlook, well, he/she is out of luck! So, you essentially must have the user also input a home phone and/or home email. I have a couple users who refuse to use a home phone or home email -- my security audit concerns require MFA, so for those resistant users I input our IT phone as the authentication method (you can use the same phone for multiple accounts) and those users must call me and ask me to give them the authentication code.
Here's how to manually enable MFA on a user:
Go to https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx which also is accessed from admin.microsoft.com > USERS > ACTIVE USERS > ..at top MULTI-FACTOR AUTHENTICATION >>>
..at the top.. USERS > select user whose setting is currently Disabled for MFA > ENABLE > [ENABLE MULTI-FACTOR AUTHENTICATION] > [CLOSE] > ..again click same user.. [ENFORCE] > [ENFORCE MULTI-FACTOR AUTH] > [CLOSE]
john
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 90%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEM%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 0%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)