Manager’s Guide: Helping new staff set up Microsoft Authenticator

Confirm that Passwordless is enabled in Microsoft Authenticator
2025-09-29
Windows Update changes
2025-09-29
Confirm that Passwordless is enabled in Microsoft Authenticator
2025-09-29
Windows Update changes
2025-09-29

What is Passwordless Authentication and Why Use It?

Passwordless authentication is a modern security approach that allows users to access systems and applications without needing to enter a traditional password. Instead, users verify their identity using more secure methods such as biometrics (fingerprint or facial recognition), security keys (like FIDO2), or authentication apps (such as Microsoft Authenticator). This method significantly reduces the risk of phishing attacks, password theft, and unauthorised access, as there are no passwords to steal or reuse. For organisations, passwordless authentication streamlines the login process, improves user experience, and enhances overall security by eliminating one of the most common points of failure in digital security—the password.

Overview: Device Consent & Options

Putting the authenticator on a phone does not put email on the phone, only the ability to authenticate to work devices. The authentication is generally only used when setting up a staff members account initially. After the initial set up, they will use a PIN or biometric logon for day-to-day authentication. Staff members have the right to refuse installation of Microsoft Authenticator on their personal devices. If a staff member does not wish to use their personal device for work authentication, a FIDO2 security key can be provided for secure authentication.

Microsoft Authenticator App Download

Scan the appropriate QR code below to download the Microsoft Authenticator app:

Apple App Store:

*Or search for “Microsoft Authenticator” on the App Store.

Google Play Store:

*Or search for “Microsoft Authenticator” on Google Play.

Instructions: Setting Up Microsoft Authenticator (Passwordless Login)

Follow these steps to set up Microsoft Authenticator with passwordless authentication for a new employee.

  • Step 1: Staff Prerequisites
    • Confirm the Staff member has a smartphone capable of installing the Microsoft Authenticator app.
    • Confirm that you have been provided with the initial username and Temporary Access Pass (TAP).
  • Step 2: Download and Install Microsoft Authenticator
    • Scan the relevant QR code above or download the app from the appropriate store.
    • Install the Microsoft Authenticator app on the employee’s device.
  • Step 3: Initial Sign-In Using Temporary Access Pass
    • Open the Microsoft Authenticator app.
    • Tap “Add account” and select “Work or school account”.
    • When prompted, enter the employee’s company email address (username).
    • You should be prompted for the Temporary Access Pass. If you are not, confirm that the TAP is within the scheduled time
    • Enter the Temporary Access Pass provided.
    • Complete any additional identity verification steps required (e.g., SMS or email code).
  • Step 4: Register for Passwordless Authentication
    • Once the account is added, open Microsoft Authenticator.
    • Tap on the newly added work or school account.
    • Select Enable Phone Sign-In. This will register the device for passwordless authentication.
    • Follow the prompts to approve the registration and authentication with your company’s Microsoft account.
    • If prompted, set up a device PIN or biometric authentication (fingerprint/face recognition).
  • Step 5: Computer access
    • Staff can now log in to company computers using their Web sign-in (Microsoft Authenticator).
    • On the Windows Logon screen, choose the “Signin Options” but then click the cloud icon.
    • Click the Signin button and enter your email address and complete the signing process on your phone.
    • As you sign in, create your Windows Hello PIN. You are now set up on this device.
    • You can use either option (Web sign-in or PIN) on this computer going forwards by selecting the Globe Icon for signin with your authenticator app OR (preferably) use the Number Pad icon to use your PIN.
  • Step 6: Completion and Confirming Access
    • Verify the employee can log into required company applications with passwordless sign-in.
    • Instruct the employee to keep their app updated for security reasons.
    • Remind the employee that if they get a new mobile device, they will need to set up Microsoft Authenticator again on this new device. To complete this process, they will need their old Authenticator OR they will need to contact IT for a new Temporary Access Pass.

Support & Troubleshooting

  • If you encounter problems enrolling the Authenticator App, contact IT support immediately.
  • Keep all registration and recovery information confidential and available only to authorized personnel.