Multi-Factor Authentication

Multi-Factor Authentication

What is Multi-factor Authentication? 

Multi-factor Authentication (MFA) is an approach to online security that requires you to provide more than one type of authentication for a login or other transaction.

Why do I need to use MFA for my @aberdeen account?

Attackers are getting better at obtaining passwords (e.g. by phishing attacks) and recently, the Higher Education sector has been subjected to targeted cyber-attacks. @aberdeen email accounts are under constant attack and could be used to compromise the University and other institutions.

The introduction of MFA will strengthen the security of our online environments and make sure your account stays secure, even if someone else obtains your password.

MFA is considered best practice by IT security and industry professionals and is now a condition of use for @aberdeen email accounts.

How does MFA work?

Also known as ‘Two-Step Verification’, MFA adds an extra layer of protection to your account and is used on a regular basis for many online transactions such as banking, shopping, or PayPal.

MFA requires you to authenticate using:

  1. Something you know: your email address and password
  2. Something you have: a trusted device, such as your mobile phone, on which to receive and respond to verification requests

You must complete both authentication steps in order to access your Microsoft Office 365 @aberdeen account.

When will I have to use MFA?

When you sign into your Microsoft Office 365 @aberdeen email account on any device using client, app or web you will be required to use MFA.

Setting up Multi-factor Authentication

Multi-factor Authentication is fast becoming essential to secure cloud-based services. For this reason, you are required to set up MFA on your Microsoft Office 365 @aberdeen account.

You should set up two or more of the following authentication methods:

  • Use the Microsoft Authenticator app on a mobile device (recommended)
  • Receive a code by text
  • Receive a call by phone

User Guides

Consult the user guide that corresponds to the authentication method that you want to use.
We recommend that you download the PDF guide(s) to a convenient location (e.g. desktop) for future reference, and open links in a new window in your preferred browser.

Frequently Asked Questions

I received an email to say my account is blocked or email/calendar no longer work on a smartphone - what can I do?

The mail/calendar app on your device may not be compatible with MFA. 
Consider installing the Outlook iOS/Android app, which does support MFA.

If you want to continue to use the iOS Mail, Apple Mail or native Android app try removing your Microsoft Office 365 @aberdeen account and re-adding it.

Configuration guides for email apps and clients:

These email clients and apps are compatible with MFA:

  • Outlook 2016 or later (PC or Mac)
  • Outlook app (iOS and Android)
  • Apple Mail (MacOS 10.14+; iOS 11+)
  • Android Mail (Versions 6 and above)
Do I need to keep the Microsoft Authenticator app after first set up?

Yes. You must keep the Microsoft Authenticator app as you will need to use it to approve/authenticate when you sign into your Microsoft Office 365 @aberdeen email account.

I received an email in another account to say “It looks like we don't have permission to get email for …. my account” - what can I do?

This message indicates that you may have added your @aberdeen account as a connected account to another email account, as a way of viewing it. Now that MFA has been enabled the synchronisation (sync) between accounts has been interrupted.

You should follow the instructions you are sent to view your connected accounts and delete/disconnect your @aberdeen account. Microsoft no longer supports connected accounts.

You can still access your @aberdeen account by setting it up in a separate email client or app such as Outlook.

I changed my registered phone number – what should I do?

If the phone number that is recorded as a method of authentication for you is incorrect you will need to re-setup your Security Info.

  • If you have an alternative method of authentication such as the Microsoft Authenticator app, use that to sign in and then delete your old phone number and set up your new one.
  • If you are unable to access this webpage because you cannot authenticate, please use MyIT to report an issue to the IT Service Desk.
  • It is recommended that you set up two or more methods of authentication.
I’m changing the mobile device I use for MFA – what should I do?

If you replace the mobile device that your code or verification request is sent to you will need to re-setup your Security Info.

  • If you have your old device use that to authenticate before setting up methods on your new device.
  • If you don’t have the old device but have retained a number that was used as a method of authentication, check that works on your new device before setting up other methods.
  • Once you have set up methods on your new device, delete all methods pointing to the old device and (if relevant) delete your account in the Microsoft Authenticator app on your old device, before passing it on or disposing of it.

If you are unable to access this webpage because you cannot authenticate, please use MyIT to report an issue to the IT Service Desk.

How do I change my method of authentication (or add another method)?

You can do this via the setup Security Info website.

What is the Microsoft Authenticator app?

This is a dedicated app that allows you to set up your smartphone or tablet as a means of authenticating access to your Microsoft Office 365 @aberdeen email account. It will not add your email account to your device.

  • There is a minimum requirement of iOS11 to install on an iPhone or iPad.
    Check if your device is listed by Apple as being supported.
  • The requirement on Android is Version 6 or above.
Do I need to have a smartphone to use MFA?

No, you can also use a mobile phone or tablet. However, we recommend that if you have a smartphone, you use the Microsoft Authenticator app as this is the simplest way to approve an authentication prompt.

My phone number was already there when I set up MFA for the first time. Why?

This may be because you previously registered for Self-Service Password Reset (SSPR) and provided your phone number at that time; the MFA and SSPR identity systems are closely linked.

Do I need an Internet connection or phone signal?

No. If you have set up the Microsoft Authenticator app as an authentication method, it can generate a passcode without an internet connection or phone signal. Simply open the app to access the passcode. To avoid charges when overseas, you may want to use this authentication method.

If you have chosen to receive a passcode by text or phone call you will require a phone signal but not an internet connection.

I have set this up but only been prompted once for MFA - how can I check I have done this properly?

Once you’ve set up an authentication method, you can login into the setup Security Info website as it is locked behind an MFA prompt.