I have been running MFA for Office 365 user accounts up-and-running for quite some time now and very satisfied with it. But as you may have seen in the blogpost, I have been running SMS only, and with a 30 days renewal that works fine. But I was also interested in the Authenticator app, especially when running multiple clients on mobile devices.
Changing the authentication can be done on a per-user basis. Logon to the Microsoft portal (portal.office.com) using your regular work account. Select My Account (under your thumbnail profile picture) and select Security and Privacy and click Additional security verification as shown in the following screenshot:
Select Update your phone numbers used for account security, check the Authenticator app or token checkbox and click Setup authenticator app button.
Scan the QR code on your mobile device in the authenticator app, confirm the registration, click Save and you’re all set. The next time you logon to Office 365 you’ll see the following Approve Sign in Request window:
But instead of entering a verification code received via SMS you must approve the sign in on the Authenticator app.