New Phone? How to move MS MFA across…

Microsoft Authenticator Icon

I recently damaged the screen of my android mobile and made a decision to replace it – it was still usable in the short term as the screen still worked; it just had a crack across it (it was a Samsung Galaxy S8 so probably prone to this anyhow). I managed to migrate all my applications across and my data without too much difficulty but was a little unsure how to move the accounts within the Microsoft authenticator application across to the new phone. I had installed the application without too much of a problem but migrating the accounts was challenging and not well documented.

So here’s how I did it.

 

You need:

a)       Access to the internet and in particular to Azure or O365… or somewhere where you can log into the account management settings

b)      Access to the new device

c)       Access to the old device (although this is probably optional)

 

What to do:

  1. Log into Office 365 or Azure

  2. Click on the “person” icon in the top right corner of the web page to get the user account contextual menu:

3. Click “View account” and it takes you to:

4.       Select “Additional security verification” and it takes you to:

Notice that it shows here your current MFA authenticator app device – SM-G950F for me in the picture above – and any other authentication methods that have been set as alternatives along with which option is the default.

I chose here to add the new authenticator app before removing the old one. Its worth noting down what the old one is called now so you know when you come to delete it later and don’t inadvertantly delete the new one.

5.       Select “Set up Authenticator app” and you get taken to

6.       Now move over to working on your phone and open the Microsoft Authenticator app on the new phone (shown with the existing authenticator accounts blacked out)

7.       Click the three dots in the top right of the application

8.      Select “Add Account”

9.       Choose the appropriate type of account – for an Azure AD based account this is “Work or school account”

10.       Scan the QR code on your PC / laptop.

At this point the QR code scanner appears within the application and you point it at the QR code displayed on the PC / laptop screen. If you take too long to get through the above sequence I have found that it does not recognise and accept the QR code and you have to regenerate it.

Once the application scans the QR code this screen disappears and you up with account added to the authenticator application on the new phone.

11.       The authentication dialogue on the PC / Laptop will now inform you it is sending a notification to the authenticator app which you must respond to before it will complete the process.

Once you have responded to the notification on your mobile your list of authenticator apps on the “Additional Security Verification” screen shown at step 4 will update to show both your old and new authenticator apps in the list at the bottom.

12.       Back on your PC / Laptop in the “Additional Security Verification” screen you should now be able to press the “Delete” button next to the old Authenticator app to remove it. I’d advise leaving it a few days before doing this to make sure that the new app MFA works properly.

You’re finished now – enjoy your new device.

AMDH Services Ltd is an Office 365 and Azure specialist. As your ICT partner, we can help you strengthen your identity controls to deliver improved security. To find out how we can help, give us a call on 01332 322588.

Want to know more about authentication solutions?

Want to know more?

If you’re organisation is looking to get more from its technology but doesn’t know where to start, AMDH Services can help.