MFA Setup & Recovery | SMS IT Support

What is MFA?

Multi-Factor Authentication (MFA) is an extra security step when you sign in. After entering your password, Microsoft will ask you to verify it's really you — usually through a code sent to your phone or a tap in the Authenticator app. This protects your account even if your password is stolen.

How to Register for MFA

You only need to do this once. After setup, signing in will be smooth and secure.

1

Go to the MFA Setup Page

Open your browser and visit the MFA setup portal. Sign in with your school Microsoft 365 email and password.

Open mfa.onesms.org

2

Download the Microsoft Authenticator App

On your smartphone, download the Microsoft Authenticator app (it's free).

iPhone: Search "Microsoft Authenticator" in the App Store
Android: Search "Microsoft Authenticator" in the Google Play Store

Tip: The app icon is blue with a lock symbol. Make sure it says "Microsoft Corporation" as the developer.

3

Add Your School Account in the App

Open the Authenticator app, tap the + (plus) button, and choose "Work or School account". Then tap "Scan QR code" and point your camera at the QR code shown on your computer screen.

Tip: If the camera can't scan, you can tap "Enter code manually" and type the code shown on screen instead.

4

Approve the Test Notification

Microsoft will send a test notification to your phone. Open the Authenticator app and tap Approve. This confirms the setup was successful.

5

Add a Backup Verification Method (Recommended)

It's a good idea to also register your phone number as a backup. On the MFA setup page, click "Add sign-in method" and choose "Phone". Enter your mobile number and verify it with the code sent via text.

Important: Having a backup method means you won't get locked out if your phone is lost or replaced.

Lost Your Phone or Authenticator Access?

If you've gotten a new phone, lost your phone, or deleted the app, here's what to do.

1

Try Your Backup Verification Method

On the Microsoft sign-in screen, click "Use a different verification option" or "I can't use my Microsoft Authenticator app right now". If you have a backup phone number registered, Microsoft will send a text code to that number.

2

Got a New Phone? Re-register the Authenticator App

If you signed in using your backup method, go back to mfa.onesms.org and remove the old device, then follow the MFA Registration steps above to add your new phone.

Tip: Do this before handing in or resetting your old phone if possible!

3

Can't Sign In at All? Contact IT

If you have no backup method and cannot sign in, our IT team can reset your MFA for you. Contact us and we will verify your identity and restore access.

Email ardc_support@onesms.org Open a Support Ticket

Set Up Self-Service Password Reset (SSPR)

SSPR lets you reset your own password anytime — without contacting IT. Setting it up now saves you time later. It only takes 2 minutes.

Do this now, before you forget your password! SSPR only works if you set it up while you can still sign in.

1

Go to the MFA/Security Info Page

Sign in and visit the security info page. This is also where you manage SSPR methods.

Open mfa.onesms.org

2

Click "Add sign-in method"

On the Security info page, click + Add sign-in method. For SSPR to work, you need at least two of the following registered:

Authenticator app (Microsoft Authenticator)
Phone number (text message or call)
Alternate email (your personal email)
Passkey (see section below)

3

Add Your Mobile Phone Number

Choose Phone from the list, select Text me a code, enter your mobile number, and verify it with the code sent via SMS. This is your backup if the app is unavailable.

4

Add an Alternate Email (Optional but Recommended)

Choose Email and enter a personal email address (Gmail, Yahoo, etc. — not your school email). Verify it with the code sent to that inbox. This gives you a third recovery option.

5

You're All Set!

With at least two methods registered, you can now reset your own password anytime by going to password.onesms.org — no IT ticket needed.

Test it out by visiting the password reset page and checking that your options appear correctly.

Sign In with a Passkey (Passwordless)

A passkey lets you sign in to your Microsoft 365 account using your device's built-in security — like your fingerprint, face, or PIN — instead of a password. It's faster, safer, and you never have to remember a password again.

Passkeys are supported on modern devices. They are stored securely on your device or in your password manager and never leave your device — making them much more secure than passwords.

How to Add a Passkey to Your Account

1

Go to Security Info

Sign in and go to mfa.onesms.org. Click + Add sign-in method and choose Passkey (FIDO2) or look for "Passkey" in the dropdown list.

2

Choose Where to Save Your Passkey

Your browser or device will ask where to save the passkey. Choose the option that best fits your device:

iCloud Keychain / Apple Passwords

Available on iPhone, iPad, and Mac running iOS 16+ or macOS Ventura+.
When prompted, choose "Save to iCloud Keychain" or "Use iPhone/iPad".
Verify with Face ID, Touch ID, or your device passcode.
Your passkey syncs across all your Apple devices automatically via iCloud.
You can view and manage passkeys in the Passwords app (iOS 18+) or Settings → Passwords.

Google Password Manager

Available on Android phones and in the Chrome browser on any device.
When prompted, choose "Save to Google Password Manager" or "Use your Android phone".
Verify with your fingerprint or screen lock PIN.
Your passkey syncs across devices where you're signed in to your Google account.
Manage passkeys at passwords.google.com.

Samsung Pass

Available on Samsung Galaxy phones and tablets.
When prompted, choose "Use Samsung Pass" or your Samsung device from the list.
Verify with fingerprint or face recognition as set up on your device.
Passkeys are stored securely in Samsung Pass and sync across Samsung devices linked to your Samsung account.
Manage passkeys in the Samsung Pass app on your device.

Windows Hello

Available on Windows 10 and Windows 11 laptops and desktops.
When prompted in your browser, choose "Windows Hello or external security key."
Verify with your Windows PIN, fingerprint, or face recognition (if set up).
The passkey is stored securely on your Windows device and tied to your Windows Hello setup.
Best for school-issued Windows laptops where you always sign in the same way.

3

Complete Verification and Name Your Passkey

After saving, you'll be asked to verify once with your current sign-in method (password + MFA). Give your passkey a name you'll recognize (e.g., "My iPhone" or "Work Laptop") and click Done.

Next time you sign in to Microsoft 365, you can choose "Sign in with a passkey" and use your fingerprint or face — no password needed!

Common MFA Questions

Do I need MFA every time I sign in?

Not always. On a trusted device that you use regularly, Microsoft usually only asks for MFA once. If you sign in from a new browser, a different device, or after a long time, it will prompt you again as a security check.

Why did I get an MFA notification I didn't request?

If you receive an Authenticator notification but you are not trying to sign in, tap Deny immediately. This could mean someone else has your password and is trying to access your account. Change your password right away at password.onesms.org and report it to ardc_support@onesms.org.

My MFA notification is not arriving — what do I do?

Check that your phone has an internet connection. Open the Authenticator app — sometimes the notification appears inside the app even if the phone alert didn't show. If that still doesn't work, on the sign-in screen choose "Use a different verification option" to receive a text code instead.

Can I use MFA without a smartphone?

Yes. You can use a basic mobile phone to receive a text message (SMS) verification code instead of the Authenticator app. Let IT know and they can configure your account to use this method.

Need hands-on help with MFA? Submit a ticket at support.onesms.org or email ardc_support@onesms.org.