What is Multi-factor Authentication?
Multi-factor Authentication (MFA) is an approach to online security that requires you to provide more than one type of authentication for a login or other transaction.
Also known as ‘Two-step Verification’, MFA adds an extra layer of protection to your account and is used on a regular basis for many online transactions such as banking, shopping, or PayPal.
MFA requires you to authenticate using:
- Something you know: your username and password
- Something you have: a trusted device, such as your mobile phone, on which to receive and respond to verification requests
You must complete both authentication steps in order to access your University Microsoft Office 365 account when off campus or on eduroam.
Why do I need to use MFA?
Attackers are getting better at obtaining passwords (e.g. by phishing attacks). MFA adds a second layer of security to your account, making sure your account stays secure, even if someone else obtains your password. MFA is considered best practice by IT security and industry professionals.
When will I have to use MFA?
When using a device that is off campus - this includes on the eduroam network - you will be required to use MFA when logging into Office365 services, such as the Outlook (client and web), SharePoint Online and OneDrive for Business.
Setting up Multi-factor Authentication
Multi-factor Authentication is fast becoming essential to secure cloud-based services. For this reason, you are required to set up MFA on your University Microsoft Office 365 account.
We recommend you set up two or more of these authentication methods:
- Use the Microsoft Authenticator app on a mobile device (recommended)
- Receive a code by text
- Receive a call by phone
Consult the user guide that corresponds to the authentication method that you want to use.
We recommend that you download the PDF guide(s) to a convenient location (e.g. desktop) for future reference, and open links in a new window in your preferred browser.
- Multi-factor Authentication (MFA): Microsoft Authenticator App (Ver1.1)
- Multi-factor Authentication (MFA): Authenticator Phone (Ver1.1)
- I changed my registered phone number – what should I do?
If the phone number that is recorded as a method of authentication for you is incorrect you will need to re-setup your Security Info.
- If you have an alternative method of authentication such as the Microsoft Authenticator app, use that to sign in and then delete your old phone number and set up your new one.
- If you are unable to access this webpage because you cannot authenticate, please log a call with the Service Desk.
- It is recommended that you set up two or more methods of authentication.
- The mail app and/or calendar on my smartphone is coming up as blocked and no longer working - what can I do?
The mail/calendar app on your device may not be compatible with MFA. Consider installing the Outlook iOS/Android app, which does support MFA.
If you want to continue to use the iOS Mail app try removing your University mail account and re-adding it. Configure your mail account by signing in as instructed in the guide to iOS devices here.
- My method of accessing email is no longer working – what can I do?
If you have been using an email app or client that uses Basic Authentication (e.g. Outlook 2013; some native email clients on mobiles) this will no longer work.
You will now only be able to access your Office 365 email account using an app or client that supports Modern Authentication such as:
- Outlook 2016 or later (PC or Mac)
- Outlook app (iOS and Android)
- Apple Mail (latest version)
- Android Mail (latest version)
See configuration guides on Toolkit.
Alternatively, you can use Outlook Web Access (OWA) in any browser.
If you have Outlook 2013 you can upgrade to Microsoft Office 365 via the Software Center.
- I’m changing the mobile device I use for MFA – what should I do?
If you replace the mobile device that your code or verification request is sent to you will need to re-setup your Security Info.
- If you have your old device use that to authenticate before setting up methods on your new device.
- If you don’t have the old device but have retained a number that was used as a method of authentication, check that works on your new device before setting up other methods.
- Once you have set up methods on your new device, delete all methods pointing to the old device and (if relevant) delete your account in the Microsoft Authenticator app on your old device, before passing it on or disposing of it.
If you are unable to access this webpage because you cannot authenticate, please log a call with the Service Desk.
- How do I change my method of authentication (or add another method)?
You can do this via the setup Security Info website.
- What is the Microsoft Authenticator app?
This is a dedicated app that allows you to set up your smartphone or tablet as a means of authenticating access to your University Office 365 account when off campus or on the eduroam network. It will not add your University email account to your device.
- What iOS is required to use the Microsoft Authenticator app?
There is a minimum requirement of iOS11 to install and use the Microsoft Authenticator app on an iPhone or iPad. Check if your device is listed by Apple as being supported.
- Do I need to have a smartphone to use MFA?
No, you can also use a mobile phone or tablet. However, we recommend that if you have a smartphone, you use the Microsoft Authenticator app as this is the simplest way to approve an authentication prompt.
- My phone number was already there when I set up MFA for the first time. Why?
This is because you provided your phone number when registering for Self-Service Password Reset (SSPR) and the MFA and SSPR identity systems are closely linked.
- Do I need an Internet connection or phone signal?
No. If you have set up the Microsoft Authenticator app as an authentication method, it can generate a passcode without an internet connection or phone signal. Simply open the app to access the passcode. To avoid charges when overseas, you may want to use this authentication method.
If you have chosen to receive a passcode by text or phone call you will require a phone signal but not an internet connection.
- I have set this up but only been prompted once for MFA, how can I check I have done this properly?
Once you’ve set up an authentication method, you can login into the setup Security Info website as it is locked behind an MFA prompt.
- I use SSH Gateway what methods of authentication should I use?
Services such as SSH gateway cannot accept the entry of a code as a method of authentication.
If you use such services, you should set up the Microsoft Authenticator app so you can choose to approve via the notification on the app and/or set up phone call as a method of authentication.
You should set Microsoft Authenticator - notification or one of the phone call options as your default.
- I have dyscalculia, so receiving a code isn’t the best for me. Is there another option available?
The Microsoft Authenticator app allows you to choose Approve or Deny rather than enter a series of digits. You can download the Microsoft Authenticator app from your App store.