Preparation
Before you start it is important to make sure that all your 2FA security info for your Microsoft account is up to date. You will need to use your mobile number to receive a 2FA code via text to log into Microsoft Authenticator on your new device.
Turn on cloud backup
Start by opening the Microsoft Authenticator app on your old device. Tap on the three lines in the top left-hand corner and then tap ‘Settings’.
Look for the ‘Backup’ section and tap the toggle to switch on ‘Cloud Backup’. You will now see a pop up confirming that your 2FA accounts have been backed up as well as displaying the email address you will use to recover the accounts on your new device.
It’s as easy as that! Now that your account is backed up to the cloud you can move onto the next step.
Recover your accounts on your new device
Download the Microsoft Authenticator app from the Apple app store or Google play store on your new device. Open it and Accept the Microsoft Privacy Statement and then continue.
You will now be met with the option to restore your accounts. Tap the ‘Restore from backup’ option at the bottom of the screen.
You will now get a pop-up with an option to allow notifications from Microsoft Authenticator. Tap ‘Allow’ so that you will be notified when signing into an account and 2FA is required. Next you will see a pop-up letting you know that ‘App lock’ is enabled by default. Tap ‘OK’ to proceed.
Restore the account
You will now have the option to choose which account you would like to recover. There will be 2 possible options. Your back up account will be shown for you to select, or you will need to add the backup account.
- If your account is already shown, go ahead and tap on it and enter in your password for the account. You can now skip past option 2.
- If your account is not shown, tap ‘Add new account’ and enter in the email that you used to back up your account to the cloud with and the password for that account.
You will now need to verify your identity. This is where our guide on keeping your 2FA mobile number up to date for your Microsoft account comes in really handy (see link at the end if you are changing number too).
Tap on ‘Show more verification methods’ and you will see the option to verify your identity via text message. You will be asked to verify by entering the last 4 digits of the phone number you use for 2FA. Once you have entered in the digits tap ‘Send code’.
You will receive a text message with a code to enter into the on-screen prompt. Once you have entered in this code tap ‘Verify’.
How you unlock your device will determine the next pop up that you see. You will now either enter the passcode you use for your device or allow your device to use face ID or fingerprint ID to unlock Microsoft Authenticator.
If you use face or fingerprint ID press ‘OK’ to proceed. If you use a passcode to unlock your phone you will need to enter in this passcode on screen.
You have now successfully recovered your Accounts! Tap ‘OK’ on the pop-up that confirms the successful recovery.
If there are no warnings for ‘Action required’ on your 2FA accounts you are now fully set up on your new device. If you do see warnings on your accounts please proceed to the next step.
Action Required For Microsoft Work Or School (M365) Accounts
Some accounts that are managed by an organisation require additional steps to recover. These accounts will show a red warning symbol with an ‘Action required’ label displayed.
If this is a work or school Microsoft account, you will be required to log into your Microsoft account on a PC and scan the QR code associated with this account.
On your PC
Open a web browser on your PC and navigate to https://portal.office365.com/. Click on ‘Sign in’ in the top right-hand corner and enter in the log in credentials for the Microsoft account that you are attempting to recover. Click on your profile picture/ display name in the top right corner and then click ‘View account’.
Look for the ‘Security info’ tile and click on ‘Update Info’.
This will take you through to the ‘Security Info’ page. Here you can manage the different 2FA sign in methods for your Microsoft account. You will see ‘Microsoft Authenticator’ listed with the option to delete this method. Go ahead and click ‘Delete’, then click ‘Ok’ to confirm.
Now click on the ‘Add sign-in method’ option at the top of the list.This will bring up a popup with a drop-down menu. Click on the ‘Choose a method’ box, select ‘Authenticator app’ and click ‘Add’.
Once you have clicked ‘Next’ on the next 2 pop-ups you will be shown a QR code on your PC screen.
On your phone
In the Microsoft Authenticator app on your new device, tap on the account with the red exclamation mark icon and then tap on the ‘Action required’ text on the next screen.
Your device may ask you to allow Authenticator to access your devices camera. If this happens tap ‘OK’, then scan the QR code. You will be taken back to the main screen in Authenticator. Click ‘Next’ on the pop-up displaying the QR code on your PC.
You will now be shown a number on the screen that you will need to input into your new device. Once you have input the code tap ‘Yes’.
You will now receive a message on screen letting you know that the 2FA notification was approved. Finally click ‘Next’.
You have now restored your 2FA accounts on your new device.
Further Links
If you use Google Authenticator, we have another guide on How to transfer 2FA accounts from Google Authenticator to a new device.
If you are also changing phone numbers, follow our guide on How To Change Your 2FA Mobile Number In Your Microsoft 365 Account