Migrating from Microsoft Authenticator
Migrating from Microsoft Authenticator to Ente Auth requires reconfiguring 2FA for each account. Microsoft Authenticator does not provide a direct export option for moving TOTP codes to another authenticator app.
Microsoft's backup and restore feature is mainly meant for restoring accounts back into Microsoft Authenticator, and it only works between the same device type. For example, an iOS backup cannot be restored on Android.
WARNING
Do not delete Microsoft Authenticator until all your accounts have been added to Ente Auth and verified.
Also make sure you have recovery codes or another sign-in method for important accounts before starting.
Method 1: Reconfigure 2FA for each account
Since Microsoft Authenticator does not provide a portable export file, the safest way to migrate is to reconfigure 2FA for each account.
Step 1: Install Ente Auth
Install Ente Auth on your phone or desktop.
Log in to your Ente account if you want encrypted backups and sync. You can also use Ente Auth without backups.
Step 2: Open the account's security settings
For each account stored in Microsoft Authenticator, sign in to that service from a browser.
Look for settings named:
- Two-factor authentication
- Multi-factor authentication
- Authenticator app
- Security info
- Two-step verification
- Login verification
Step 3: Replace the authenticator app
Most services do not show the original QR code again after setup.
You will usually need to remove the existing authenticator app and add it again. The website will then show a new QR code or setup key.
For Microsoft accounts, this is usually available from the Security page under Manage how I sign in. Microsoft also lets users add a new way to sign in or verify.
Step 4: Add the account to Ente Auth
Open Ente Auth.
Tap the add button and scan the QR code shown by the service.
If you cannot scan the QR code, choose the manual setup option on the service and copy the secret key into Ente Auth.
Step 5: Verify the code
Enter the code generated by Ente Auth on the service's setup page.
Only continue after the service confirms that the code is valid.
Step 6: Repeat for all accounts
Repeat the process for every account in Microsoft Authenticator.
Once all accounts have been added and tested in Ente Auth, you can remove them from Microsoft Authenticator.
Method 2: Add Ente Auth as an additional authenticator
Some services let you add more than one authenticator app without removing the existing one.
In that case:
- Sign in to the account.
- Open security settings.
- Choose to add another authenticator app.
- Scan the new QR code with Ente Auth.
- Verify the code generated by Ente Auth.
- Keep Microsoft Authenticator until Ente Auth is confirmed to work.
This is safer than removing the old authenticator first, but not every service supports it.
Migrating Microsoft work or school accounts
For Microsoft work or school accounts, your organization may control which authentication methods are allowed.
If you do not see an option to add another authenticator app, or if the setup forces Microsoft Authenticator specifically, contact your administrator.
Some organizations require Microsoft Authenticator for push approvals or number matching, and may not allow third-party authenticator apps.
After migrating
Once your accounts are working in Ente Auth:
- Save recovery codes for important accounts.
- Make sure Ente Auth backup and sync are enabled if you want access across devices.
- Test your most important logins.
- Remove old entries from Microsoft Authenticator only after testing.
- Keep your recovery codes somewhere safe.