The Outlook mobile app can help you complete two-step verification. Two-step verification, also known as multi-factor authentication, helps you access your accounts more securely. Passwords can be forgotten, stolen, or guessed, and SMS text codes can be insecure.

You can use Outlook to authenticate in two ways:

  • Receive a push notification after entering your password online

  • Use a TOTP (Time based One-Time Passcode)

Select a heading below for more information

Prerequisites

  1. You must have Outlook downloaded on your Android or iOS device and add a work or school email account. If you haven't downloaded and configured your Outlook app for your work or school account, follow the instructions here.

  2. Your organization must allow you to use Outlook to authenticate. If you are not sure whether your organization allows you to use Outlook for two-factor verification, ask your IT administrator.

  3. You should have at least one other verification method already configured. You can check this at https://aka.ms/mysecurityinfo. You can also use a temporary access password provided by your IT administrator.

Registering your app

When your organization enables you to use two-step verification in Outlook, you should see a banner near the bottom of your Outlook screen. Tap Sign-in to proceed with the registration process.

An inbox in Outlook mobile showing a banner at the bottom of the screen with a "sign in" button. 

Note: If you don’t see the banner or pop up, you'll need to turn them on manually. See Managing your settings, below, for instructions.

Next, you'll see another pop-up letting you know that you are eligible to upgrade your authentication methods. Once you select I understand, you may be asked to sign in to verify your identity. Then you should be registered to use Outlook for authentication.

Push notifications

Once you are successfully registered, you can use Outlook to sign in.

When you sign into your work or school account, you may be prompted to approve a notification on your Outlook app. To approve it, open your Outlook app. If you do not see a notification, refresh your inbox to check for one.

An authentication prompt in Outlook, waiting for the user to type in the number shown by the site they're trying to sign into.

Once you see the notification, enter the number displayed on your screen to complete the authentication.

Important: If you aren't trying to sign into the account listed, select “No, it’s not me” and immediately report the incident to your IT admin. A random authentication request may be an indication that somebody is trying to break into your account.

Use a One-time Passcode (TOTP)

To use a code to sign-in, select ‘Use a code’ where you initiated your sign-in.

To get the code from Outlook, open Outlook, select the circle in the top left, then the settings gear in the bottom left. Select the account that is registered for MFA, then scroll down until you see ‘Authenticator’. Select the tab to see your code and tap it to copy. Enter this code to complete your sign-in.

A one-time passcode shown in the Authenticator tab of Outlook mobile

To turn approving notifications on or off from Outlook, open Outlook, select the circle in the top left, then the settings gear in the bottom left. Select the account that is registered for MFA, then scroll down until you see Authenticator. Select the tab to toggle your registration On or Off.

Learn more 

Microsoft security help and learning

A phish story

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.