In this article we will dive into the 2 ways with which you can move your MFA for your UofG account.
1. Migrating the Microsoft Authenticator App using a personal Microsoft account
(Please note that in this scenario, having access to both devices and to a personal Microsoft account are essential.)
Using the personal Microsoft account for the backup, will allow you to back up all the accounts that you have set up MFA for through the Microsoft Authenticator app. This is especially useful when there are organizational accounts involved.
- Open Microsoft Authenticator on your old phone. Tap the three vertical dots at the top right, and then tap "Settings."
- In the "Backup" section, toggle-On "Cloud Backup" on an Android phone, or "iCloud Backup" on an iPhone.
- This will proceed to back up your data. (Note that this will back up your MFA codes to the account you used to set up the authenticator. If you did not sign in, you will be asked to log in with a Microsoft account. The UofG work/school account is NOT recognized as a Microsoft account. i.e.mfa-user@outlook.com or mfa-user@hotmail.com.)
- You can then proceed with your new phone. Install the Microsoft Authenticator app (from either Play or Apple Store) and then open it.
- You will see at the bottom of the screen the recovery tool that says "Already have a back-up? Sign in to your recovery account." Click on "Begin recovery".
- Once you do this, you'll be asked to sign in to the Microsoft account you used for the backup on your old phone. Your accounts will then automatically be added to Microsoft Authenticator on your new one.
- Please note that some accounts will ask you to validate again, to confirm it is you by signing in to those accounts or scanning a QR code. Microsoft Authenticator will display a message if you need to do this.
- Once done, test all your accounts are present, then go ahead and remove the Microsoft Authenticator app from your old phone.
2. Migrating manually an MFA factor from the Microsoft Authenticator App
In this scenario, you need access to one MFA factor. Whether that is through the old device or a different one (i.e. TOTP token, sms, etc.), does not play a role as long as you can log in to your UofG account. In the example below, the assumption is that access to the old device is still available.
- While you still have access to your old device, log in to your UofG account (through Web or Outlook) on your computer.
- Navigate to your account's picture and click "View Account".
- Under "Security Info" you can see all the MFA factors set under your account. It is recommended to have at least 2 MFA factors set up so that you will not use access to your account if you cannot access that one MFA factor, i.e. losing/forgetting your phone.
- You can then press "Delete" to the MFA factor that is the Microsoft Authenticator App on your old device.
- Click "Ok" to verify the removal of the Microsoft App. Please note that after completing this, you will not be immediately logged out of your browser session. If you select to sign out and then sign back in, you will have to redo the steps for the MFA setup. Otherwise, you will be asked to set up a method (if this was your only method) next time you log in. If you are adding a second method, then skip to the next step. As a reminder, these steps are included in the screenshots below.
- If you are simply adding another factor to the one you already have, then under your email account settings for Security Info, you select "Add sign-in method" and select Microsoft Autheticator App. Then follow the same setup for the setup of the Microsoft Authenticator App as described above.