Hardware tokens for Office 365 / Azure cloud Multi-factor authentication

How to use Token2 miniOTP-1 tokens with Azure MFA

The Token2 miniOTP-1 card is a "drop-in" replacement for mobile applications such as Google Authenticator or Token2 Mobile OTP. If you are using Office 365 with Azure MFA protection enabled, you can use the miniOTP-1 card as an alternative to the mobile application method by following the instructions below. Please note that this requires no administrative privileges and any user can benefit from this method. The only prerequisite is an NFC-enabled portable device running Android (v3.x and higher).


Step 1. Install Token2 Burner App and make sure your token is accessible via NFC.

You can test NFC access with the "get OTP" button of the app: push the button on the miniOTP-1 device and hold it close to the NFC antenna of your Android device (usually below the camera on the back). Then, in the Burner App, touch the "get OTP" button. The OTP shown in the app should match the one displayed on the token.




Step 2. Enable or reconfigure Authenticator app on your Office 365 account

Navigate to the MFA setup page and make sure you have the Authenticator app setting enabled.

Click on the "Configure" button. A QR code will be shown on the pop-up page. Click on the "Configure app without notifications" link in order to switch from the default proprietary QR code format (phonefactor) to the standards-based TOTP profile.


Keep this window open and proceed to Step 3 on your mobile device. 


Step 3. Burn the token with Token2 Burner App

Launch Token2 Burner App on your Android device. Click on the "Scan QR" button and scan the QR code shown on the configuration page as described in the previous step. Then push the button on the miniOTP-1 device and hold it close to the NFC antenna of your Android device (usually below the camera on the back). Click on the "burn seed" button. The app should show a "burn seed process succeeded" message if the process completed successfully.



Step 4. Verify the token and complete the enrollment

After the burn process is completed, click Next and proceed with OTP verification. To verify the OTP, click on the "Verify Now" button and, on the next step, enter the OTP code displayed on your miniOTP-1 device.



Complete the process by clicking on "Verify".
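
As an added illustration (not Token2 or Microsoft code), the sketch below shows what the standards-based TOTP profile from Step 2 carries and how the code checked in Step 4 is derived from it, including a tolerance for token clock drift. It assumes the QR code encodes an otpauth://totp key URI as used by Google Authenticator-compatible apps; the sample URI is constructed from the RFC 6238 test seed, and all function names are hypothetical.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

ALLOWED = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def parse_otpauth(uri):
    """Parse an otpauth://totp key URI (assumed to be the text inside the QR code)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc.lower() != "totp":
        raise ValueError("not a standards-based TOTP profile")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("QR code carries no seed")
    alg = q.get("algorithm", "SHA1").upper()
    if alg not in ALLOWED:
        raise ValueError("unsupported algorithm: " + alg)
    b32 = q["secret"].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)          # seeds in QR codes usually omit padding
    return {"label": unquote(u.path.lstrip("/")), "key": base64.b32decode(b32),
            "hash": ALLOWED[alg], "digits": int(q.get("digits", 6)),
            "period": int(q.get("period", 30))}

def totp(profile, at=None):
    """RFC 6238 code for the time step containing `at` (Unix seconds)."""
    counter = max(0, int(time.time() if at is None else at)) // profile["period"]
    mac = hmac.new(profile["key"], struct.pack(">Q", counter), profile["hash"]).digest()
    off = mac[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** profile["digits"]).zfill(profile["digits"])

def token_matches(profile, displayed, at=None, drift_steps=1):
    """True if the code shown on the token is valid within +/- drift_steps periods."""
    now = time.time() if at is None else at
    return any(hmac.compare_digest(totp(profile, now + s * profile["period"]), displayed)
               for s in range(-drift_steps, drift_steps + 1))

# Constructed sample: the RFC 6238 test seed, not a real account.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    print(p["label"], totp(p, at=59))
```

The seed in the QR code is the only secret behind the token: anything that captures the QR code can compute the same codes as the burned miniOTP-1, so close the configuration window once enrollment is verified.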


Frequently asked questions


Q. Do I need tenant admin rights in order to use hardware tokens with cloud-hosted Azure MFA?

A. Not for cloud Azure MFA. miniOTP-1 fully emulates mobile apps, so it can be enabled (and disabled) by end users themselves.

Q. Can the miniOTP-1 token be reused for another user (i.e. if the previous owner left the company)?

A. Yes. The miniOTP-1 tokens can be reprogrammed an unlimited number of times, so the steps described above can be repeated for any user using any miniOTP-1 device (even a previously owned one).

Q. Why does the burner app crash when I scan the QR code? 

A. The QR code shown by default on this page is in Microsoft's proprietary format (phonefactor protocol) and is not compatible with the QR reader component of our app. Please make sure you switch to "Configure app without notifications" mode before scanning the QR code.

Q. Can I use both hardware and software token simultaneously?

A. Yes, as long as the "Configure app without notifications" option is maintained. When you see the QR code after clicking "Configure app without notifications", you can scan it using a mobile app (such as Google Authenticator or Token2 Mobile OTP) before continuing with burning the seed on the miniOTP-1 token.

Q. Can other types of hardware tokens (for example c200) be used with Azure MFA?

A. The on-premises hosted MFA server (Azure MFA Server) supports any TOTP tokens; however, cloud Azure MFA is currently in public preview. Refer to this blog post for more details. It is worth mentioning that the same tokens can be easily reused even after this feature becomes available.
