When you get a new phone, your Microsoft 365 multi-factor authentication (MFA) doesn't move across on its own. The Microsoft Authenticator app's approval is tied to the specific device it was set up on, so a new handset won't receive your sign-in approvals until you register it.
The golden rule is to set up your new phone while your old phone still works. Add the new device first, confirm it works, and only then remove the old one and wipe it. Doing it in that order means you're never locked out. If you've already lost or wiped your old phone, skip to the last section and contact RWTS Support.
Before you start: new phone, or new number?
This changes how much you need to do:
- Same number, new handset: Only the Microsoft Authenticator app needs re-registering. If you also have text message (SMS) set up as a backup, that's tied to your number and will keep working — you don't need to touch it.
- New number as well: You'll need to re-register the Authenticator app and update your phone/SMS method.
It's worth keeping two working methods at all times (for example, Authenticator app plus SMS), so that losing one device never locks you out.
Step 1: Install Microsoft Authenticator on your new phone
On your new phone, install the Microsoft Authenticator app from the App Store (iPhone) or Google Play (Android). Open it once so it's ready, but don't try to add your account from inside the app yet; you'll do that from the Security info page in Step 3.
Step 2: Open your Security info on a computer
It's easiest to do this on a computer with both phones nearby.
- Open a browser and go to https://aka.ms/mfasetup (this is the same as going to https://myaccount.microsoft.com and choosing Security info).
- Sign in with your work Microsoft 365 account (your work email address). You'll be asked to approve the sign-in on your old phone — that's expected, as it's still your active device.
- You'll land on the Security info page, which lists the sign-in methods currently registered to your account.
Important: Use myaccount.microsoft.com, not account.microsoft.com. The second one is for personal Microsoft accounts (Outlook.com, Xbox) and won't show your work account's methods.
Step 3: Add the Authenticator app for your new phone
- On the Security info page, select + Add sign-in method.
- Choose Authenticator app, then Add, and follow the prompts until a QR code appears on the screen.
- On your new phone, open Microsoft Authenticator → + (Add account) → Work or school account → Scan a QR code, and scan the code on your screen.
- The website will send a test approval to your new phone. Approve it to confirm the new device is working.
Don't remove anything yet - make sure this test approval succeeds first.
Step 4: Update your phone number (only if your number has changed)
Skip this step if you've kept the same number.
If your number is new:
- On the Security info page, find your existing Phone method.
- Add your new number as a Phone method (you'll be sent a code to verify it).
- Leave the old number in place for now — you'll remove it in the next step.
Step 5: Remove the methods linked to your old phone
Now that the new phone is registered and tested, tidy up the old one:
- On the Security info page, find the Authenticator app entry for your old phone (and the old Phone/SMS entry, if the number changed).
- Select Delete next to each old entry and confirm.
Make sure you still have at least one working method left (your new phone), and ideally two.
Step 6: Repeat for any other work accounts
If you have more than one work account in Microsoft Authenticator — for example a second organisation, or guest access to a client or partner's systems — each one is managed separately on that organisation's own Security info page.
- For other RWTS-managed accounts, repeat Steps 2–5 signed in as that account.
- For guest access to a partner's SharePoint or Teams, you often can't self-serve the change — the partner's own IT team may need to reset the guest access. If a partner site stops working after your phone change, let RWTS know and we'll coordinate with them.
- Personal logins (personal Microsoft account, Google, banking apps, etc.) aren't managed by RWTS. You can re-add these yourself from within the Authenticator app.
Step 7: Confirm everything works, then wipe the old phone
Before you factory reset or hand on your old phone:
- Sign out of a Microsoft 365 service (or open an InPrivate / Incognito browser window) and sign back in with your work account.
- Confirm the approval prompt arrives on your new phone and that you can complete it.
Once you've confirmed a real sign-in works on the new phone, it's safe to factory reset / erase the old phone. Never sell or pass on a phone that still has Microsoft Authenticator active on it.
If you no longer have your old phone
If your old phone has already been lost, stolen, or wiped, you won't be able to approve the sign-in needed to make these changes yourself. Please contact RWTS Support - we can reset the MFA methods on your account or issue a Temporary Access Pass, a short-lived code that lets you sign in once to register your new phone cleanly.
Log a case with RWTS Support
If you get stuck at any point, or you've lost access to your old device, please log a case with RWTS Support.
Contact RWTS Support
- Email: support@rwts.com.au
- Phone: 1300 798 718
- Or submit a request through the Real World Help Centre.